Your company understands that GDPR compliance is not an option; it is a requirement.
Being fully compliant with GDPR is, for some organizations, a daunting task. However, showing that you take GDPR seriously is not!
We usually favour a three-phase approach:
- Foundation: Initial efforts to align with the requirements of GDPR and assess your own specific situation
- Setup: Remaining efforts to reach a sufficient readiness & maturity level
- Run: Recurrent efforts to deal with each identified deviation as well as any changes in the legislation
Depending on the size of your organization, its complexity in terms of data processing activities and the availability of key internal stakeholders, the duration of these three steps can range from a few weeks to a few months.
1. “Foundation” phase
Because there is no “one size fits all” approach to GDPR compliance, the first step analyzes the specifics of your operations in order to better gauge the effort required.
However, we don’t “simply” perform some kind of audit, which in essence does not translate into real progress. Instead, we focus on producing real deliverables, which enables us, in parallel, to assess your organization’s exposure to GDPR.
We typically deliver the following at the end of the “foundation” phase:
- Formal statement
- Data Process Register
- Roadmap for full compliance
2. “Setup” phase
During this phase, we roll out the roadmap defined during the assessment phase. Typical interventions to be considered are:
- Follow-up & status meetings
- Documentation (legal or technical) review & drafting
- Briefings, trainings & other awareness material for key internal stakeholders
The implementation can be done swiftly by your organization’s internal resources and with our support, but it can also require a tremendous amount of field work. If you do not have the capacity to handle this amount of work internally, we can take care of the implementation for you.
3. “Run” phase
By then, you’ll have reached an acceptable level of GDPR compliance. You can take it from here, with or without our help as [deputy] Data Protection Officer, to keep governance under control or to unburden yourself of this non-core business workload.
If you’re interested, please refer to our “DPO as a Service” offer to get more information.