Privacy International, LLP
Privacy Compliance and Data Protection Services

Over 19 years of domestic and international privacy knowledge.

General Data Protection Regulation (“GDPR”)

Assistance in defining and providing a practical approach for your GDPR compliance program, including funding and resource estimates, executive presentations, and an overall task plan for the large set of activities that need to be addressed.

Evaluation of personal data collected

- Review the consent language and validate that the purposes of use are consistent with it;

- Identify the types of data, their sources and their storage locations;

- Identify data that may be exempt from GDPR obligations (e.g. HR data).

Analysis of data flows, access and security

- Create data flow maps: source systems (on-line, retail, product/service promotions), data transfers, storage and backup locations;

- Validate user access by role and functionality (view only, extract, modify, etc.);

- Identify the security measures in place (encryption, intrusion detection, audit logs, etc.).

Assessment of administrative procedures

- Evaluate the operations team's capability to handle choice, access, correction and erasure requests;

- Define key measurements (handling time, percentage completed, number of escalations, etc.);

- Determine how often metrics are reported to executive management and who receives them;

- Define and document data breach response procedures.

Evaluate cross-border agreements (BCRs, Model Contracts, etc.)

- Identify all entities (internal and external) that collect, use or transfer personal data;

- Identify which category each entity falls within: controller or processor;

- Update or execute cross-border agreements as necessary.

Define data management practices

- Define a retention schedule based on the data flow assessment and the regulatory and legal obligations;

- Document the systems, databases or physical storage that hold the personal data;

- Validate the technology and resources needed to implement data destruction processes.

General Data Protection Regulation (“GDPR”) Services

Many organizations collect and process the personal data of European Union (“EU”) data subjects when providing goods or services (paid or free) or when monitoring their behavior. When international transfers of personal data are undertaken as part of business operations, the organization will be required to comply with the GDPR by May 2018.

Privacy International, LLP has extensive experience that can assist the organization in defining the scope of work, identifying the funding and resources required, and developing executive management presentations to gain the support needed to be successful.