In 100 days to GDPR compliance*
Through our proven GDPR compliance processes, we achieve an acceptable state of GDPR compliance within the first 100 days of working with us for over 85% of our clients.
3-step GDPR compliance process with 2 key deliverables
Our 3-step GDPR compliance process has helped many organizations make big GDPR compliance steps in a short amount of time:
In the GDPR Discovery Workshop (step 1), we engage with your key stakeholders to uncover the details of your processing activities. During this half day engagement with two of our consultants the most urging issues are discussed, and some preliminary findings will be shared.
During the Data Mapping (step 2) process, we create an Art. 30 GDPR record of processing activities, which also serves as the cornerstone of your compliance and the rest of the work we engage in.
The Analysis and Report (step 3) gives you the full overview over your state of compliance, the challenges, considerations and our expert conclusions. An important part are the prioritized recommendations that give you a clear to-do list which we can also help you execute subsequently.
Designated lead consultant
At the beginning of the engagement we will assign a dedicated account manager/lead consultant for your organization, who is your fixed point of contact and makes sure the project is professionally and successfully executed.
Internally they will work with the wider team with diverse skills to ensure the best experience and skills are assigned to the tasks in the project we carry our for you.
In 100 days to GDPR compliance*
If you haven’t previously addressed GDPR compliance, the last update is already long ago, or if key items (like Records of Processing Activities) are not available or up to date, the compliance kick-start is a great way to make a lot of progress in a small amount of time.
The 3-step process typically takes 8-10 weeks, so together with some additional deliverables we can get most organizations (depending on size and complexity) to a good state of compliance within 100 days.
* Through our proven processes, we achieve an acceptable state of GDPR compliance within the first 100 days of working with us for over 85% of our clients.
Additional deliverables
After (or sometimes during) the 3-step process, we can produce or draft specific deliverables needed for your compliance. These can be internal or external communications, policies, documents or particular assessments. We can also serve as your DPO after the initial compliance kick-start.
Data Protection Impact Assessment (DPIA)
For data processing activities that pose a high risk to the rights and freedoms of individuals, or those using new technology, you will need to carry out a DPIA as required by Art 35. GDPR.
Data Processing Addendum/Agreement
Your Data Processing Addenda (DPAs) govern the relationship with other entities and the data processing on each others behalf. Solid DPAs are the base of this and Standard Contractual Clauses (SCCs) may be needed on top.
Privacy policy and cookie policy
A clear and concise privacy policy and cookie policy demonstrate your commitment to compliance publicly. This should reflect your actual processing activities and help you build trust about your data activities.
Requirements and expectations are different for each client, so we have the flexibility to adapt our processes, deliverables and time-frame. Depending on how much work we have ongoing, the availability of information or by adapting the scope, we can sometimes help much faster. Simply ask us for the possibilities!