Gap analysis
Your challenges
- Have you assessed the readiness of your organisation in relation to the GDPR?
- Have you identified key stakeholders within the organisation?
- Are you aware of the main GDPR-related risks for the organisation?
- Have you identified the possible areas of improvement?
- Did you prioritise the remediation steps of your GDPR compliance project in an actionable roadmap with manageable deadlines?
What does it include?
- Comprehensive GDPR health-check of your organisation, whilst involving and training the key stakeholders;
- Identification of risks by GDPR and data privacy experts;
- Specific recommendations tailored to your organisation;
- Detailed action plan adapted to your situation.
Key benefits
- Timely assistance by a team of experts in the field;
- Continuous communication to you in the project, ensuring alignment with ongoing projects;
- Standardized and proven risk assessment approach throughout the organisation.
Key deliverables
- Gap & risk identification report, including recommendations to address identified gaps;
- Remediation roadmap ordered by importance of actions and estimated workload for completion, incl. identification of "low-hanging fruits".
Implementation assistance
Your challenges
- Is the understanding of the GDPR sufficient to draft policies and procedures, covering all necessary areas?
- Were you able to identify all personal data processing activities?
- Do you have experienced resources available to implement your remediation plan?
- How do you ensure a correct "roll-out" and "buy-in" of the implemented measures within the organisation?
- How do you ensure proper change management in your organisation?
What does it include?
- Application of best practices and adapting them fully to your organisation;
- Drafting of GDPR-related procedures and policies;
- Assistance with change management.
Key benefits
- Timely implementation by a team of experts in the field;
- On-the-go training and continuous involvement of your stakeholders;
- Enjoying flexibility and a tailored approach, aligned with your organisation's business objectives.
Key deliverables
- GDPR-related policies and procedures;
- Inventory of personal data processing (Art. 30);
- Control framework for IT security;
- GDPR monitoring tools.
DPIA completion
Your challenges
- Have you correctly identified all personal data processing activities requiring a DPIA?
- Do you have a proper methodology to conduct DPIAs?
- Did you consider all mandatory steps of a DPIA?
- Are you sure you have correctly assessed the corresponding risks?
- Have you consulted the appropriate persons when conducting the DPIA?
What does it include?
- An evaluation of processing activities requiring a DPIA;
- Identification of the relevant risks;
- Assessment of the risks and the security measures in place, and evaluation of the remaining risks.
Key benefits
- Timely performance of tasks by a team of experts in the field;
- Involvement of and consulting the DPO at each step of the DPIA process;
- Involvement of the personal data processing owners;
- "Outsider" view of the organisation and risk assessment approach.
Key deliverables
- Tailored DPIA methodology;
- List of processing activities, where a DPIA is required;
- Completed DPIAs, including risk assessments, evaluations and conclusions.
Training
Your challenges
- Are the staff members aware of the GDPR, and its implications on their day-to-day job?
- Do the staff members know what to do when they receive a complaint about data privacy?
- Have you been following the best practices in the marketplace?
- How can you efficiently train staff in various locations, with the same level of interactivity?
What does it include?
- Training sessions, covering all the key elements of the GDPR;
- Real-life examples of GDPR in organisations, similar to yours, including, for example, a data breach assessment or a data subject request;
- Feedback on the usual pain points of complying with data privacy.
Key benefits
- Training sessions tailored to your business and organisational needs;
- Delivered by experts in the field, having a long track record of successfully delivering GDPR training sessions;
- Trainers who engage the participants, making the sessions interactive and leaving a long-lasting impact.
Key deliverables
- Introductory to advanced training sessions, from new joiners and entry-level staff to C-level and board members;
- Support material in English or French, highlighting the key elements of the regulation.
Operational testing of procedures
Your challenges
- You have drafted GDPR-related policies and procedures, but do they cover all the necessary topics?
- Are your data privacy policies and procedures properly enforced by all members of staff?
- Will members of staff be able to tackle real-life situations, in accordance with your policies and procedures?
- How well do you respect the 72-hour timeframe to report high-risk breaches to the CNPD?
What does it include?
- Fully tailored simulation of "real-life" situations within your organisation, incl. data subject request and data breach;
- Review of and recommendations on your internal GDPR documents (i.e. policies and procedures);
- Potential improvements to your policies and procedures.
Key benefits
- An "outsider" assessment of the enforcement of your data privacy framework;
- Simulation of real-life cases prepared and assessed by a team of GDPR experts, designed around your activities;
- A precise view of how your entity would withstand the test of a real data privacy event, data subject request or data breach.
Key deliverables
- Thorough assessment of the operational readiness and application of your policies and procedures;
- Detailed comments and recommendations on your GDPR-related documentation.
Privacy IQ
Your challenges
- Have you set up a comprehensive GDPR programme and struggle to follow up on your compliance plan?
- Do you want to follow up on your register of data subject processing and its updates?
- Have you identified your risks and are looking to record and monitor them?
- Are you looking for a centralised place to log and follow incidents?
- Do you wonder how to demonstrate your accountability under the GDPR?
What does it include?
- Access to a web-based portal helping the management of most parts of your GDPR compliance programme, in project and BAU modes;
- Time-efficient deployment tailored to your needs and situation;
- Accelerators for a risk-based approach to the GDPR.
Key benefits
- A platform built on experience, by subject matter experts;
- Scalable to your business;
- Access to GDPR local expertise;
- Use on an as-needed basis, with access to all modules.
Key deliverables
- Access to the Privacy IQ platform.
DPO function implementation and review
Your challenges
- How is data privacy organised in your company?
- Is your data privacy manager or DPO properly equipped to cope with the regulator's expectations?
- How can you demonstrate accountability under the GDPR on paper and in practice?
- Have you assessed all data privacy risks?
- Can you react in 72 hours should a data breach happen?
What does it include?
Depending on your requirements, we could provide you with:
- Comprehensive GDPR health-check of your organisation, whilst involving and training the key stakeholders and identification of risks by GDPR and data privacy experts;
- Specific recommendations tailored to your organisation including a detailed action plan adapted to your situation;
- Drafting or review of GDPR-related procedures and policies;
- Assistance with change management, including training sessions, covering all the key elements of the GDPR;
- Identification and assessment of the relevant risks and the security measures in place, and evaluation of the remaining risks;
- An evaluation of processing activities requiring a DPIA and performing them;
- Real-life examples of GDPR in organisations, similar to yours, including, for example, a data breach assessment or a data subject request;
- Fully tailored simulation of "real-life" situations within your organisation, incl. data subject request and data breach;
- A complete scan of the data on your drives (structured and unstructured), including the identification of personal data that is no longer used or that exists as copies created during the data life cycle;
- Attacks simulated from the internal network (malicious employee or third party, client in a meeting room, etc.), from the Internet targeting exposed infrastructure (public servers, etc.) or employees (phishing, etc.), or on mobile devices and mobile applications.
Key benefits
- Timely assistance by a team of experts in the field;
- Standardized and proven risk assessment approach throughout the organisation;
- Tailored approach, aligned with your organisation's business objectives;
- Simulation of real-life cases prepared and assessed by a team of GDPR experts, designed around your activities;
- A precise view of how your entity would withstand the test of a real data privacy event, data subject request or data breach;
- Fully automated scan and classification of your storage within weeks;
- Classification criteria completely adapted to your organisation;
- Thorough reports covering access rights and classification categories, enabling you to assess the security measures in place;
- Attacks can be fully tailored to your needs and expectations;
- Tests are run confidentially, ensuring "real-life" simulations and results.
Key deliverables
- Gap & risk identification report, including recommendations to address identified gaps;
- Remediation roadmap ordered by importance of actions and estimated workload for completion, incl. identification of "low-hanging fruits";
- GDPR-related policies and procedures;
- Inventory of personal data processing (Art. 30), highlighting those requiring a DPIA;
- Completed DPIAs;
- GDPR-awareness training sessions or e-learning;
- Thorough assessment of the operational readiness and application of your policies and procedures;
- Detailed comments and recommendations on your GDPR-related documentation;
- Report of personal data usage, classification and access within your organisation;
- Penetration test report (including main findings, recommendations to fix the discovered flaws and improve your security level).