Our objectives

DEVELOPING
A GDPR PRIVACY PLAN

Conduct a comprehensive assessment of the organization's readiness for GDPR and develop a plan of action to reach compliance

MANAGING
PRIVACY COMPLAINTS AND INDIVIDUAL RIGHTS

Develop processes and policies to respond to requests made by individuals (right to information but also access, rectification, restriction, objection, erasure and portability rights)

IMPLEMENTING
PRIVACY BY DESIGN/PRIVACY ENGINEERING

Implement technical and organizational measures to show that the organization has considered and integrated data compliance measures into data processing activities

MEETING
REGULATORY REPORTING REQUIREMENTS

Set up methods to review compliance activities and keep records for internal and external reporting to demonstrate compliance (e.g. privacy notices and records of privacy-related escalation handling activities)

CREATING
DATA INVENTORY AND MAPS

Inventory of processing activities and data flows, classified by data type, purpose and responsibilities.

OBTAINING
AND MANAGING USER CONSENT

Develop processes to comply with new consent requirements: ‘a statement or a clear affirmative action’ from the data subject, which must be ‘freely given, specific, informed and unambiguous’

CREATING
A THIRD PARTY MANAGEMENT PROGRAM

Manage third party vendor risk and create policies, procedures and on-going management to ensure third party compliance and implementation of necessary contractual arrangements

MANAGING PRIVACY INCIDENTS AND BREACH NOTIFICATION

Review information security policies and breach handling incident response plans to comply with the strict formal reporting (notification) obligations

DATA
DE-IDENTIFICATION/ ANONYMIZATION

Assess and implement anonymization and pseudonymization techniques to fall outside the scope of the GDPR or comply with certain requirements

ADDRESSING
INTERNATIONAL DATA TRANSFERS

Map international data flows and manage mechanisms to allow for transfer of data to non-EEA countries (BCRs, MCCs, Privacy Shield, etc.)

CONDUCTING
PRIVACY RISK ASSESSMENTS (PIAs/DPIAs)

Design and implement processes to conduct and manage PIAs/DPIAs and risk assessments across the organization, based on legal and regulatory requirements

SELECTION
OF APPROPRIATE SECURITY TECHNICAL AND ORGANISATIONAL MEASURES

Implement physical, technical, and administrative measures to keep personal data secure and confidential through an adequate standard or certification