
GDPR project delivery approach and organisation

Our project delivery approach
How we organise the GDPR control framework delivery

Our approach is stepped as follows:

  1. GDPR readiness assessment or audit
  2. GDPR control structure
  3. GDPR operation and maintenance
  4. Outsourced services
    1. Data Protection Officer
    2. EU representative

Each step takes your organisation closer to full GDPR compliance.

If your organisation already has some embedded GDPR compliance, you may be able to cherry-pick from the list, but only after an assessment or audit has been performed.

GDPR readiness assessment or audit

  1. Establishes your organisation's relative GDPR maturity
  2. Fact finding accomplished through a questionnaire and interviews (face-to-face or remote)
  3. Final findings replayed to the organisation for approval
  4. Assessment or audit report prepared showing key risk and remediation areas
  5. Project Brief (PID) and plan delivered for performing risk and remediation work

See more detail about this service.

GDPR control structure

Template-based delivery containing: governance model, operating model, risk integration, policies, standards, procedures, training material, best practice and "how to" documents.

Delivers a GDPR framework operating model that implements "appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with this Regulation (the GDPR)".

Your organisation can choose between:

  1. 100% do it yourself using our GDPR framework benchmark model general template pack badged with your logo
  2. Guided do it yourself using our GDPR framework benchmark model template pack under our guidance and oversight
  3. Contracting us to resource and run the project

See more detail about this service.

GDPR operation and maintenance

An in-depth project to ensure that all business and support areas are GDPR compliant with regard to personal data, policies, standards, procedures, governance, operations, escalation and risk management.

Key areas covered are:

  1. Data subject transparency and preferences
  2. Personal data classification
  3. Personal data use *
  4. Personal data minimisation
  5. Personal data retention and deletion
  6. Personal data rights (SAR)
  7. Personal data security
  8. Personal data controls

* One of the essential components that can be delivered by the personal data use key area is a single view of all data subjects. This can be created using a pragmatic deduplication and merging model, which can be used as is or enhanced with existing external services.

See more detail about this service.

Outsourced services

Our services enable your organisation to fully outsource:

  1. your data protection compliance operation
  2. your Data Protection Officer function
  3. your need for a GDPR representative in the European Union.

Both the outsourced Data Protection Officer and GDPR EU representative functions adhere to their relevant descriptions stated in the GDPR.

All outsourced services require a GDPR audit of the organisation prior to acceptance. Your organisation will also need to show proof of financial means to support any GDPR financial penalties.

Software as a service

We offer GDPR compliance framework control software as a service covering key areas such as:

  1. Contract management (Data Processing Agreements between Data Controllers and Data Processors)
  2. Selection due diligence
  3. Subject Access Requests
  4. Reporting of Personal Data Breaches
  5. Records of processing activities
  6. etc.

Conclusion

All aspects of our offers enable full GDPR compliance:

  1. GDPR readiness assessment or audit
  2. GDPR control structure
  3. GDPR operation and maintenance
  4. Outsourced services to de-risk your organisation

In summary, our offers:

    • enable full GDPR compliance,
    • de-risk your organisation,
    • improve your customers' journey and relationship,
    • demonstrate that you operate a trustworthy organisation that respects data privacy.