GDPR Roadmap+
Implementation Program

We train a working group (privacy team) within the company and support the process of GDPR implementation. You can use ISO 27701 or the Nymity Privacy Accountability Framework as the basis of the GDPR Roadmap.

Why is the Roadmap+ Implementation Program both comprehensive and convenient?

Sustainability – an internal privacy team supports the system when the implementation is over.
If the GDPR implementation process is done exclusively by other consultants, there is a risk that after the project is completed, the system will fall into neglect, as internal specialists lack both the expertise and the motivation to take care of the company’s processing activities. We start by creating a privacy team comprising HR staff, developers, project managers, SMM specialists, support team members, etc. By doing so, we make sure that your company can deal with most GDPR-related issues independently after the project is finished.
Motivation – companies having an internal privacy team show more efficiency in GDPR implementation.
When all GDPR-related tasks are set by other consultants, employees are often reluctant to take on these tasks and handle them with diligence. By contrast, tasks that grow naturally from the company’s intention to be compliant with the GDPR are performed with much more enthusiasm and care.
Support – the company is guided through the whole process of GDPR implementation.
Based on ISO 27701 and the Nymity Privacy Accountability Framework, the working group, consisting of the privacy team and DPO consultants, will create a systematic GDPR Roadmap – a step-by-step list of activities. The Roadmap is tailored to the needs of your company and addresses the resources (time, human and financial resources) available to you.
Accuracy – you know what to do, as well as when and how to do it.
Together with the DPO team, the company creates an action plan in which all tasks are prioritized and time-framed. It is your business and its immediate needs that dictate which measures are to be taken first, taking into consideration the resources you have.

First Phase: GDPR Roadmap Preparation

Workgroup formation

Implementation of the program will require the formation of a working group. The project's success depends on the involvement of the major stakeholders in the customer relationship.

Typically, the group includes representatives from every department or division of the company: legal, compliance, information security, IT infrastructure, HR, audit, risk management, marketing, as well as representatives from the company's main areas and products.

Working groups must include executives who make decisions or have a significant influence on them since some tasks require the assistance of those with power in the company.


The working group receives training based on the GDPR Data Privacy Professional course, delivered by a certified professional (CIPP/E, CIPM, FIP, MBA) and lasting 24 hours (5 days).

Second Phase: Creating the GDPR Roadmap


Identification, over four working sessions, of the projects covered by the GDPR. The areas, projects, and products that need to be brought into GDPR compliance must be selected. The personal data processing register is filled out in accordance with Article 30 of the GDPR.


Choosing, from the 139 activities in the Nymity Privacy Accountability Framework or the 150 requirements of ISO 27001 and 27701, those that apply to your organization.


Assessment of the risks associated with selected activities for the organization and the data subjects, the complexity of their implementation, and their benefits in the current environment.


Evaluation of the resources required for implementation of the GDPR Roadmap (people as well as management support; processes; technologies and tools).

Third Phase: GDPR Roadmap Implementation


By this point, we have successfully implemented the activities planned for the GDPR Roadmap within 4 or 12 working sessions. Firstly, we handle high-risk and high-priority tasks.

Our consultants can handle some work on the basis of prepaid hours (60 or 120 hours, depending on the selected service package). Throughout the entire implementation phase, the working group allocates these hours.

What is the purpose of consulting hours?

Some work may require significant practical experience or in-depth analysis. Consultants are more efficient and adept at this type of work.

Who runs the program?

Siarhei Varankevich


Founder of DPO Europe GmbH. Data Protection Trainer and Principal Consultant

MBA, Certified Information Privacy Professional (CIPP/E), Certified Information Privacy Manager (CIPM), Certified Information Privacy Technologist (CIPT).

Format of work


This section discusses the auxiliary training module, the division of tasks (why and what? who and how?), examples, and templates.

Intersessional work

Members of the working group independently implement the selected activities between sessions.


Our consultants provide support between working sessions and carry out the outsourced work.

Packages of services

GDPR Roadmap
  • Training of the working group on the GDPR DPP
  • 4 sessions
    GDPR Roadmap creation*
  • ≈ 3 months
GDPR Roadmap + 50% Compliance
  • Training of the working group on the GDPR DPP
  • 4 sessions
    GDPR Roadmap creation*
  • 4 sessions
    GDPR Roadmap implementation
  • 60 hours
  • GDPR Aware up to 200 pers.
    Gift 1
  • ≈ 6 months
GDPR Roadmap + 80% Compliance
  • Training of the working group on the GDPR DPP
  • 4 sessions
    GDPR Roadmap creation*
  • 12 sessions
    GDPR Roadmap implementation
  • 120 hours
  • GDPR Aware up to 200 pers.
    Gift 1
  • GDPR DPT up to 20 pers.
    Gift 2
  • ≈ 12 months

* Statistics and calculation of the GDPR Compliance level, along with the number of consulting hours, are provided as examples for an organization with 100-500 employees and 3-5 main products or processes involving personal data.

Each package can be customized based on your company’s needs and specifics during a consultation.

  1. *Identifying areas, projects, and products that need to be brought into GDPR-compliance.
  2. Determining which Nymity Privacy Accountability Framework activities are applicable.
  3. Prioritizing selected activities.
  4. Resource assessment for the implementation of the GDPR Roadmap.
