Fit for the GDPR in 6 steps
Highly specialised legal counsel and IT-security experts will advise and assist you in implementing the EU General Data Protection Regulation in 6 steps:
1. GAP ANALYSIS
We shall carry out a gap analysis in your company, identifying the areas and processes in which the requisite compliance is satisfied and where there is a need for action. The gap analysis will show which types of personal data are processed in which departments and systems and where the coming changes to be introduced by the GDPR will require measures to be taken.
2. ANALYSIS OF PROCESSES AND ASSESSMENT OF RISKS
We shall examine the processes from the angle of current data-protection law and assess them with regard to the new requirements of the GDPR, of the new German Data Protection Act (BDSG), and of sector-specific data protection. In this way we shall identify any non-compliance with the GDPR and other requirements. We shall then assess any risk you may run of suffering penalties, and the possible timeframe for putting the requisite measures in place.
3. DRAWING UP A REPORT PRIORITISING REQUISITE MEASURES
The findings produced by the analysis will be prioritised, using a risk assessment, and set out in a report or summary. Based on our many years of experience in advising companies on data-protection law, the result will contain practical recommendations for action to put the recommended measures in place.
4. PRESENTATION OF RESULTS WITH STAKEHOLDERS AND PLANNING FOR IMPLEMENTATION
We shall present the results to you and launch further planning and project management. Budget planning is a particularly important factor in this context: it requires a precise examination of the resources which are available and necessary. The project planning will in particular cover the distribution of responsibilities, so that short communication channels ensure an implementation process which saves time and resources.
5. SUPPORT IN IMPLEMENTING THE REQUISITE MEASURES
We shall support you in implementing all requisite measures to guarantee compliance at the right time in the areas concerned. We shall provide help and ensure continuous documentation and monitoring of all measures. We shall draw up the necessary documents and guidelines and amend contracts and processes.
6. REGULAR CHECK ON IMPLEMENTATION OF STANDARDS – BUILDING UP A DATA-PROTECTION MANAGEMENT SYSTEM
Ultimately the coming amendments to legislation require a permanent check to be kept on data-protection standards in your company. The last step is therefore the continual monitoring of the implementation of these measures and a scrutiny of developments in this area. In short: we shall put a functioning data-protection management system in place in your company.