Data Privacy Roadmap is the systemic management and coordination of your GDPR implementation process, including consulting, support and Q&A sessions.
We implement the roadmap based on international best practice, centered on the experience gained in multiple privacy cases of various specifications and levels of complexity, in accordance with ISO 27701.
Once the roadmap has been implemented, you will be able to maintain it independently in-house and withstand any external audits.
PHASE I: GDPR ROADMAP PREPARATION
Establishment of the work group
The work group is established to execute the implementation program. This includes the main stakeholders that deal with the company’s customers, on which the success of the project depends.
This group includes representatives of every department and division of the company: legal, compliance, information security, IT infrastructure, HR, audit, risk management, marketing, as well as representatives of the main areas and products of the company.
Some tasks require the assistance of people with authority within the company; therefore, the working group must include people who make decisions or have a significant influence on them.
Work group training
PHASE II: GDPR ROADMAP CREATION
This phase will cover the following processes:
Identification of projects falling within the GDPR framework
Selection of areas, projects, and products that have to conform to the GDPR
Completing the register of personal data processing in accordance with Article 30 of the GDPR
Choosing which of the 150+ requirements of ISO 27001 and 27701 or 139 Nymity Privacy Accountability Framework activities are applicable to your organization
Ranking selected activities by risk to the organization and data subjects, complexity of implementation, and the benefits of those activities in the current situation
Assessment of resources required for the implementation of the GDPR Roadmap (staff, which includes management support; processes; technologies, and tools)
PHASE III: GDPR ROADMAP IMPLEMENTATION
During this phase, we start with the implementation of the activities we planned in the GDPR Roadmap and distribute them between work sessions. The priority is to initiate the high-risk and high-priority tasks identified during our assessment.
All decisions and main tasks are implemented by the working group in accordance with International Project Management Standards with the support and training of our certified CIPM managers and CIPP/E consultants.
Depending on your selected service package, work will also be outsourced to our internal consultants based on the prepaid hours. The allocation decisions are made by the working group throughout the entire implementation phase.
Why will you require a Roadmap?
Other than legal requirements, it is highly recommended that your organization follow the roadmap if you wish to:
establish an in-house centre of data protection expertise and become independent of external consultants,
avoid your business departments demanding the impossible from lawyers in terms of GDPR,
overcome resistance to change,
make GDPR implementation systematic, comprehensive, and self-sustained by internal staff.