GDPR

The GDPR is the General Data Protection Regulation. It aims to provide EU citizens with a unified and harmonized approach to privacy protection across the European Union and seeks to strengthen individuals’ rights regarding the protection of their personal data.

Our Law Office provides consulting services for businesses to ensure compliance with Regulation (EU) 2016/679 “on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.”

In this context, we provide a comprehensive, in-depth study in accordance with the above Regulation, with the aim of ensuring compliance with it.

In particular, we offer the following services:

STAGE A’

Mapping of Personal Data (Mapping Analysis)

  • Completion of specific questionnaires by company executives who manage personal data
  • Organization of supplementary relevant interviews
  • Identification of the type of personal data
  • Determination of the methods of collection, storage, and processing of personal data (data flow)
  • Identification of the legal basis (lawful basis for processing personal data) under which any data processing is carried out
  • Identification of commercial practices with third parties that may have an impact on the company’s ability to comply with the GDPR
  • Study of the technological ecosystem (applications, infrastructure, storage and processing facilities in external or internal units) in collaboration with the company’s IT manager
  • Identification of ‘gaps’ in relation to the Regulation (Gap Analysis)
  • Preparation of a preliminary study based on the applicable documented procedures
  • Delivery of the preliminary study to management and provision of general guidelines

STAGE B’

Compliance Plan Design

  • Identification of deviations from GDPR requirements
  • Preparation of a High-Level Plan of Proposed Initiatives and Actions and establishment of an implementation timetable
  • Specification of specific proposals aimed at revising unforeseen policies and procedures
  • Establishment of safeguards in the company’s technological ecosystems and physical archives in collaboration with the company’s IT department
  • Extensive briefing and training of staff on personal data management
  • Three (3) hour staff training seminar

STAGE C’

Implementation of compliance with legal issues

  • Drafting, completing, harmonizing, and revising existing contracts and other documents
  • Developing and drafting an appropriate and comprehensive Data Protection Policy (Data Protection Legal Framework)
  • Processing and drafting of an appropriate and comprehensive Privacy Policy for the website (if the company has one)
  • Drafting of an activity log & briefing – training of the data controller on its lawful maintenance
  • Drafting of a data breach response plan – log book

Our Law Office is additionally in a position to:

  • provide a Data Protection Officer with an annual cooperation agreement (DPO as a Service)
  • train and support, on legal issues, the company/business executive selected for the position of DPO, for as long as deemed necessary (DPO Support Team), so that the executive ultimately selected can successfully perform their duties
  • advise, with regard to specific personal data processing, on the need to conduct a personal data impact assessment (DPIA – Data Privacy Impact Assessment)
PVLAW