Problem | Solution |
|---|---|
Sustainability – an internal privacy team supports the system when the implementation is over. | If the GDPR implementation process is done exclusively by other consultants, there is risk that after the project is completed, the system will fall into neglect, as internal specialists lack both expertise and motivation to take care of the company’s processing activities. We start with creating a privacy team comprising HRs, developers, project managers, SMM specialists, support team members, etc. By doing so we make sure that your company can deal with most GDPR-related issues independently after the project is finished. |
Motivation – companies having an internal privacy team show more efficiency in GDPR implementation. | When all GDPR-related tasks are set by other consultants, employees are often reluctant to take these tasks and handle them with diligence. On the contrary, tasks that grow naturally from the company’s intention to be compliant with the GDPR are performed with much more enthusiasm and care. |
Support – the company is guided through the whole process of GDPR implementation. | Based on ISO27701 and the Nymity Privacy Accountability Framework, the working group, consisting of privacy team and DPO consultants will create a systematic GDPR Roadmap – a step-by-step list of activities. The Roadmap is tailored to the needs of your company and addresses the resources (time, human and financial resources) available to you. |
Accuracy – you know what to do, as well as when and how to do it. | Together with the DPO team the company creates an action-plan, in which all tasks are prioritized and time-framed. It is your business and its immediate needs that dictates what measures are to be taken first, taking into consideration the resources you have. |
Implementation of the program will require the formation of a working group. The project's success depends on the involvement of the major stakeholders in the customer relationship.
Typically, the group includes representatives from every department or division of the company: legal, compliance, information security, IT infrastructure, HR, audit, risk management, marketing, as well as representatives from the company's main areas and products. Working groups must include executives who make decisions or have a significant influence on them since some tasks require the assistance of those with power in the company.The working group receives training based on the GDPR Data Privacy Professional course, delivered by a certified professional CIPP/E, CIPM, FIP, MBA – lasting 24 hours (5 days).
Over four working sessions, identification of projects covered by the GDPR. GDPR-compliant areas, projects, and products must be selected. According to Article 30 of the GDPR, the personal data processing register is filled out.
Choosing from 139 activities in the Nymity Privacy Accountability Framework or 150 requirements of ISO 27001 and 27701 that apply to your organization.
Assessment of the risks associated with selected activities for the organization and the data subjects, the complexity of their implementation, and their benefits in the current environment.
Evaluation of resources required for implementation of GDPR Roadmap (people as well as management support; processes; technologies, and tools).
By this point, we have successfully implemented the activities planned for the GDPR Roadmap within 4 or 12 working sessions. Firstly, we handle high-risk and high-priority tasks.
By this point, we have successfully implemented the activities planned for the GDPR Roadmap within 4 or 12 working sessions. Firstly, we handle high-risk and high-priority tasks.
Our consultants can handle some work on the basis of prepaid hours (60 or 120 hours, depending on the selected service package). Throughout the entire implementation phase, the working group allocates these hours.
Work that requires significant practical experience or in-depth analysis may require significant practical experience. Consultants are more efficient and adept at this type of work.
CIPP/E, CIPM, CIPT, MBA, FIP
MBA, Certified Information Privacy Professional (CIPP/E), Certified Information Privacy Manager (CIPM), Certified Information Privacy Technologist (CIPT).
This section discusses the auxiliary training module, the division of tasks (why and what? who and how?), examples, and templates.
Members of the working group independently implement the selected activities between sessions.
Our consultants provide support between working sessions and carrying out the outsourced work.
* Statistics and calculation of the GDPR Compliance level, along with the number of consulting hours, are provided as examples for an organization with 100-500 employees and 3-5 main products or processes involving personal data.
Each package can be customized based on your company’s needs and specifics during a consultation.
Please contact us to schedule an online meeting with a privacy expert!
P.S. Didn’t find anything that suited your needs on the site? Put a brief description of your situation into the “Comment” field. We are very flexible and offer personalized solutions.
