GDPR Services

Now that the enforcement date of the GDPR has arrived, your business may still require assistance in updating your GDPR compliance program, including defining funding and resource estimates, impacts and risks outlined in an executive presentation, and an overall task plan for the overwhelming group of activities that need to be updated.

Evaluation of Personal Data Collected

  • Review of the consent language and validation that the purposes of use are consistent with the language;
  • Identify the types of data, sources, and storage locations;
  • Identification of data that may be exempt from the GDPR obligations (i.e. HR data).

Analysis of Data Flows, Access and Security

  • Creation of data flow maps: source systems (on-line, retail, product/service promotions), data transfers, storage and backup locations;
  • Validation of user access, role and functionality (view only, extract, modify, etc.);
  • Identification of security measures in place (encryption, intrusion detection, audit logs, etc.).

Assessment of Administrative Procedures

  • Evaluation of the operations capabilities to handle choice, access, correction and erasure requests;
  • Define key measurements (handling time, percentage completed, number of escalations, etc.);
  • Determine frequency of reporting metrics and recipients to executive management;
  • Define and document data breach response procedures.

Evaluation of Personal Data Collected

  • Identification of all entities (internal and external) that collect, use or transfer personal data;
  • Identify which category the entity falls within: controller or processor;
  • Update or execute cross-border agreements as necessary.

Define Data Management Practices

  • Based on the data flow assessment and regulatory and legal obligations, define a retention schedule;
  • Document the systems, databases or physical storage that maintain the personal data;
  • Validate any technology and resources necessary to implement data destruction processes.
Privacy International, LLP