Our objectives
DEVELOPING
A GDPR PRIVACY PLAN
Conduct a comprehensive assessment of the organization's readiness for GDPR and develop a plan of action to reach compliance
MANAGING
PRIVACY COMPLAINTS AND INDIVIDUAL RIGHTS
Develop processes and policies to respond to requests made by individuals (the right to information, but also the rights of access, rectification, restriction, objection, erasure and portability)
IMPLEMENTING
PRIVACY BY DESIGN/PRIVACY ENGINEERING
Implement technical and organizational measures to show that the organization has considered and integrated data protection measures into its data processing activities
MEETING
REGULATORY REPORTING REQUIREMENTS
Set up methods to review compliance activities and keep records for internal and external reporting to demonstrate compliance (e.g. privacy notices and records of how privacy-related escalations were handled)
CREATING
DATA INVENTORY
AND MAPS
Build an inventory of processing activities and data flows, classified by data type, purpose and responsibilities.
OBTAINING
AND MANAGING USER CONSENT
Develop processes to comply with the new consent requirements: consent must be ‘a statement or a clear affirmative action’ by the data subject and must be ‘freely given, specific, informed and unambiguous’
CREATING
A THIRD PARTY MANAGEMENT PROGRAM
Manage third-party vendor risk and create policies, procedures and ongoing management to ensure third-party compliance and the implementation of the necessary contractual arrangements
MANAGING PRIVACY INCIDENTS AND BREACH NOTIFICATION
Review information security policies and breach-handling/incident response plans to comply with the strict formal notification obligations (notification to the supervisory authority within 72 hours of becoming aware of a breach, and to affected individuals where the risk to them is high)
DATA
DE-IDENTIFICATION/ ANONYMIZATION
Assess and implement anonymization and pseudonymization techniques, either to take data outside the scope of the GDPR (genuinely anonymous data) or to meet specific requirements (pseudonymized data remains personal data, but pseudonymization counts as a security and data-minimization measure)
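The distinction above is easy to get wrong in practice: replacing an e-mail address with an unkeyed hash is often sold as "anonymization", but anyone who can enumerate plausible inputs can recompute the hash and recover the identity. The following is an added illustration, not part of the original page: it contrasts an unkeyed SHA-256 token with a keyed HMAC pseudonym (where the secret key is the "additional information" that must be kept separately under GDPR Art. 4(5)), shows a dictionary attack succeeding against the former and failing against the latter, and applies a simple generalization to a quasi-identifier (postcode). The records and candidate list are constructed sample data; the function names are this example's own.

```python
import hashlib
import hmac
import secrets

# Constructed sample records; these are not real individuals.
RECORDS = [
    {"email": "alice@example.com", "postcode": "SW1A 1AA", "purchase": "book"},
    {"email": "bob@example.com", "postcode": "EC1A 1BB", "purchase": "lamp"},
]

# An attacker's guess list (constructed). In reality this would be a leaked
# customer list, a public directory, or a brute-force enumeration.
CANDIDATE_IDENTIFIERS = [
    "carol@example.com",
    "alice@example.com",
    "bob@example.com",
]


def naive_token(value: str) -> str:
    """Unkeyed SHA-256 of an identifier.

    The output looks random, but the function is public and deterministic, so
    whoever can guess the input can recompute it. This is NOT anonymization.
    """
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


def keyed_token(value: str, key: bytes) -> str:
    """HMAC-SHA256 pseudonym under a secret key.

    Without the key, a guessed identifier cannot be mapped to its token. The key
    must be stored separately from the pseudonymized data set and access to it
    controlled; holding both together is merely a change of format.
    """
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()


def generalize_postcode(postcode: str) -> str:
    """Reduce a full UK-style postcode to its outward code (the part before the
    space). Quasi-identifiers like this re-identify people when combined, so
    pseudonymizing the direct identifier alone is not enough."""
    return postcode.split(" ")[0]


def pseudonymize(records, key: bytes, field: str = "email"):
    """Return copies of the records with the direct identifier replaced by a
    keyed pseudonym and the postcode generalized. The original records are
    left untouched."""
    out = []
    for r in records:
        rec = dict(r)
        rec[field] = keyed_token(rec[field], key)
        rec["postcode"] = generalize_postcode(rec["postcode"])
        out.append(rec)
    return out


def reverse_by_dictionary(token: str, candidates, key: bytes = None):
    """The attacker's view: try each candidate identifier and report the one
    that reproduces the token, or None. The attacker is assumed not to have
    the key, so without one they can only try the unkeyed construction."""
    for c in candidates:
        guess = keyed_token(c, key) if key is not None else naive_token(c)
        if hmac.compare_digest(guess, token):
            return c
    return None


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # generated per run; keep it out of the data store

    # Unkeyed hash: the dictionary attack recovers the identity.
    weak = naive_token(RECORDS[0]["email"])
    print("unkeyed hash reversed to:", reverse_by_dictionary(weak, CANDIDATE_IDENTIFIERS))

    # Keyed pseudonym: the same attack fails without the key.
    strong = keyed_token(RECORDS[0]["email"], key)
    print("keyed pseudonym reversed to:", reverse_by_dictionary(strong, CANDIDATE_IDENTIFIERS))

    for rec in pseudonymize(RECORDS, key):
        print(rec)
```

Two design points worth noting. Pseudonyms computed under the same key are consistent, so records about one person can still be linked across data sets (which is what makes pseudonymized data useful for analytics) and that linkability is exactly why the data remains personal data. Rotating or destroying the key, together with generalizing or removing quasi-identifiers, is what moves a data set towards anonymization; neither step on its own is sufficient.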
ADDRESSING
INTERNATIONAL DATA TRANSFERS
Map international data flows and manage the mechanisms that allow transfers of personal data to non-EEA countries (BCRs, model/standard contractual clauses, adequacy decisions, etc.; note that the EU-US Privacy Shield was invalidated by the CJEU in July 2020 and can no longer be relied upon)
CONDUCTING
PRIVACY RISK ASSESSMENTS (PIAs/DPIAs)
Design and implement processes to conduct and manage PIAs/DPIAs and other risk assessments across the organization, based on the applicable legal and regulatory requirements
SELECTION
OF APPROPRIATE SECURITY TECHNICAL AND ORGANISATIONAL MEASURES
Implement physical, technical and administrative measures to keep personal data secure and confidential, aligned with an appropriate standard or certification scheme