The GDPR Regulation supersedes the 1995 Data Protection Directive (DPD) by improving the protection of the personal data of European citizens by offering new rights to the use of personal data. Our GDPR specialists team can manage the process of adhering to these changes from the initial stage of identifying the risks to the company and the impact of GDPR on personal data collected from customers, post-implementation consultancy, ensuring compliance with the rules constantly by all work processes.

Aligning your company’s GDPR involves the following approach:

Phase 1, which includes: analysis of the existing situation and mapping of personal tiles and existing processes.
Basically, after completing this phase, you have all the information in order to be able to continue on its own the implementation of the GDPR accession measures.

  • Phase 2, which includes support for the implementation of the proposed measures in internal processes and documents, the adaptation of documents / procedures / contracts, including support for implementing solutions to ease work after May 25, 2018

Thus, the assessment of the current situation as well as the understanding of the specifics of the business, of the processed personal data categories and of the main processes will be made by:

  • Analyze public data
  • Discussions with management
  • Completing an assessment questionnaire by those responsible
  • Studying the provided documents (on request)
  • Agreeing results with management

It will then be used to identify the personal data used (both from the subjects and from other sources or products of the company) – on business areas – as well as the identification of the means of processing and storing the information:

  • Analysis of the answers to the questionnaire,
  • Provision of information on request (process documents, contracts or data examples)
  • For high generalized domains (HR, accounting, video security, GPS …), starting with a standard set of existing data, only the differences are analyzed) – for a minimum effort

The next step will be to identify and map the processing goals (by data types), the length of the processing, the roles involved, and the third parties that have access to the data.

Analysis of risks and gaps is done by identifying gaps and proposing alternatives. For each non-compliance with GDPR requirements, we will analyze:

  • the risk (in terms of impact on the subjects, but also on the business),
  • alternatives will be presented,
  • an estimate of deployment costs will be made

Finally, a proposal for missing procedures / procedures will be made, and for areas not previously addressed, a set of new processes and procedures will be proposed.

**** The proposed processes and procedures will require some further customization, depending on the implementation possibilities, or will contain a set of new requirements that will need to be included in internal documents or contracts with third parties.