1. Free GDPR Quick-Check Call
Our process begins with a quick check — a phone call or meeting with one of our data protection consultants. In this free 30-minute session, TechGDPR will learn about your company, products and services, and ask about the specific challenges your company may be facing. TechGDPR runs through a series of standardized questions combined with our in-depth experience in the technology to identify and prioritize the most urgent issues. Based on this information we can give you a high-level overview of the challenges and concerns by email.
Using the information provided in quick-check call or meeting, TechGDPR offers a fixed-price proposal for the first stage of your compliance process, including a kick-off workshop, 1-on-1 deep-dive meetings, in-depth research, and report writing. The proposal will also outline the timeline, the GDPR consultants involved, and the particular challenges of your company’s compliance situation.
3. Kick-off Workshop
The kick-off workshop should be attended by all key stakeholders (typically technical, business, and HR) within the company to ensure the project has support and buy-in from all relevant departments. During the kick-off workshop, TechGDPR will present stakeholders with the high-level project plan, a high-level explanation of the particular effects of the GDPR on the business model, business processes, and data processing activities. TechGDPR uses this engagement stage to discover how the business is structured and which employees should be contacted during the 1-on-1 deep-dive stage. The kick-off workshop is typically one half day, depending on the complexity of the business, systems, and technology.
4. 1-on-1 Deep-Dive Sessions
After TechGDPR has identified the key participants for GDPR compliance during the kick-off workshop, we schedule and meet with those who can inform us about business and technical processes in depth. This will include reviewing any available data protection documentation, in-depth exploration of business processes and communication, and looking at some of the data collection and processing systems, as well as the actual data being collected. These sessions are normally in person and may have one or more follow-up calls when certain aspects need clarification.
During the research stage, TechGDPR will further investigate the details of challenges in your company’s particular compliance situation, seek clarification for complicated matters, and consult with our internal experts and external advisors as needed.
6. Report Writing
The last stage of the compliance process is delivering a GAP report about your company’s current situation, targets outcomes, and the top priorities to address GDPR compliance. This report and remediation plan will help your company identify which aspects to approach first and how to execute, outsource, and prioritize this work.
Our Approach to GDPR Compliance
TechGDPR believes that GDPR compliance can be reached easiest through an in-depth and holistic understanding of the three main areas: technology, business, and legal.
Regardless if you are working with highly complex blockchain environments or a fairly simple app backed by cloud infrastructure, it is important to evaluate the stack and providers used to ensure that data is secured to an appropriate standard, such as using encryption, two-factor authentication, or other technological means.
In order to reach a compliant state without impacting the business model unreasonably, it is important to go through an in-depth evaluation of data collection and processing in relation to the privacy rights of individuals. Sometimes a (slight) adjustment may be required in order to comply to the GDPR. TechGDPR helps you identify the least intrusive options.
To learn more about GDPR training, workshops, keynotes and webinars.
We’ll be in touch soon.
Or call us directly at +49 (0)30 5490 8661