Data Privacy Roadmap is the systemic management and coordination of your GDPR implementation process, including consulting, support and Q&A sessions.

We implement the roadmap based on international best practice, centered on the experience gained in multiple privacy cases of various specifications and levels of complexity, in accordance with ISO 27701.

Once the roadmap has been implemented, you are capable to independently maintain it internally and withstand any external audits.


Establishment of the work group

The work group is established  to execute the implementation program. This includes the main stakeholders that deal with the company’s customers, on which the success of the project depends.

This group includes representatives of every department and division of the company: legal, compliance, information security, IT infrastructure, HR, audit, risk management, marketing, as well as representatives of the main areas and products of the company.

Some tasks require the assistance of persons who have the power within the company; therefore, the working group must include people who make decisions or have a significant influence on them.

Work group training

The work group is trained based on the GDPR Data Privacy Professional course by a certified professional and information privacy manager CIPP/E, CIPM, FIP, MBA.  The duration is 24 hours (4 full days or 8 half-days of classes).


This phase will cover the following processes:

  • Identification of projects falling within the GDPR framework 

  • Selection of areas, projects, and products, which have to conform with the GDPR

  • Completing the register of personal data processing in accordance with Article 30 of the GDPR

  • Choosing which of the 150+ requirements of ISO 27001 and 27701 or 139 Nymity Privacy Accountability Framework activities are applicable to your organization

  • Ranking selected activities based on risk to the organization and data subjects, by the complexity of implementation and benefits of said activities in the current situation

  • Assessment of resources required for the implementation of the GDPR Roadmap (staff, which  includes management support; processes; technologies, and tools)

PHASE III: GDPR Roadmap Implementation

During this phase, we start with the implementation of the activities we planned in the GDPR Roadmap and distribute them between work sessions.  The priority is to initiate the high-risk and high-priority tasks identified during our assessment.   

All decisions and main tasks are implemented by the working group in accordance with International Project Management Standards with the support and training of our certified CIPM managers and  CIPP/E consultants.

Depending on your selected service package, work will also be outsourced to our internal consultants based on the prepaid hours. The allocation decisions are made by the working group throughout the entire implementation phase.

Why will you require a Roadmap?

Other than legal requirements, it is highly recommended that your organization follows the roadmap if you wish to:

  • establish an in-house centre of data protection expertise and become independent of external consultants,

  • avoid your business departments demanding the impossible from lawyers in terms of GDPR,

  • overcome resistance to change,

  • make GDPR implementation systematic, comprehensive, and self-sustained by internal staff.

Select Your Solution

Please, provide us with your details and request to assist you with a free express audit.