We help you become GDPR compliant in a way that makes business sense for your company and brings you closer to success
GDPR Compliance Program
Compliance with GDPR requires a combination of legal, business and technical skills from GDPR experts:
Legal skills are needed to assess the legal basis on which the processing of personal data takes place as per the Regulation, to amend existing or draft new contracts for collection of personal data or its transfer to another processor, a joint controller or another entity and to prepare unambiguous and explicit statements of consent.
Personal data usually resides in and is processed by software tools such as ERPs, CRMs, directories, payroll systems, databases, online tools, etc. and is stored, archived or backed up in local storage or in the cloud. Therefore, information security is of vital importance for the protection of personal data and a whole project on its own. Thus, technical skills are an absolute must.
The DataKnights GDPR compliance program consists of three stages: Discovery, Design and Implementation. The participation of legal, business and technical GDPR experts is required in every stage.
At the Discovery Stage, we identify the main type of data processed and the scope of processing at your organization, and we determine the exact application of the GDPR for your own company. The goal is to identify the main provisions of the Regulation that apply to your Organization. More specifically, the first stage consists of the following:
• Awareness Session
• Assessment on Applicability of the Regulation
• Scope and Plan of Work for Next Stages
The Design Stage is about defining and planning the actions that need to be taken in order to achieve compliance. It includes:
• Preparation of Data Flow Mapping
• An Assessment of the Legal Basis of Each Processing
• Preparation of Gap Analysis
• Definition of an Action Plan
• Definition of the DPO’s Roles and Responsibilities
The third and last stage of the Program is the Implementation Stage. During this phase, all the organizational, procedural, legal and other actions that have already been planned in the previous stage shall be implemented. In particular, during this stage the following actions will be taken:
• Data Privacy Impact Analysis (DPIA) Preparation
• Data Leakage Notification Process Preparation
• Contracts Legal Review
• Statements of Consent Drafting
• Key Personnel Training
• DPO Training
GDPR Annual Program Support
Although the implementation of an initial GDPR compliance program covers all the necessary operations in order to meet the strict criteria of the new GDPR, it requires constant updating and needs to harmonize with future changes to the provisions of the GDPR. Moreover, it should be constantly adjusted and updated to reflect any changes in the processing that the Organization is performing.
As such, DataKnights offers an annual management consulting service that will cater for all the above and will in essence update the Compliance Program according to the Regulation or business environment changes:
• Support to the DPO for the Management of the Data Leakage Notification Process
• Consulting Services and Support for the Assigned DPO on Any Matters That May Arise with Regard to Data Privacy
Data Protection Officer
One of the major challenges of the new GDPR is the appointment of a Data Protection Officer (DPO) to monitor, execute and report data processing in accordance with the legislation. The DPO will be responsible both for your organization’s GDPR compliance and for liaising with the relevant authorities.
Our firm offers to undertake the role of a DPO on behalf of your organization. The assigned DPO will:
• Be the Only Contact Point with the National Data Protection Authorities
• Review and Supervise the Compliance with the Regulation and the Adherence to the Defined Policies and Procedures
• Deliver Additional Hands-on Support for Employees Where and When Needed
• Maintain and Update the Data Flow Mapping Records
• Maintain and Update the Data Privacy Impact Analysis (DPIA)
• Manage the Data Leakage Notification Process
Still not sure where to start?
We understand that it can be overwhelming at first. We are here to help.