TechGDPR

GDPR Consulting Engagement Process

1. GDPR quick-check

Our GDPR consulting engagement starts with an impact or scope call or meeting with one of our data protection consultants. In this 30-60 minute session we will explore your company, your product and the challenges specific to your situation. We run through a series of standardized questions and draw on our in-depth experience with the technology to ask for more detail on the most important aspects. Based on this information we can give you a high-level overview of the challenges and concerns by email.

2. Proposal

Using the information provided in the impact & scope call or meeting, we are able to give you a fixed-price proposal for the first stage of your compliance process, including the kick-off workshop, 1-on-1 deep dive meetings, in-depth research and report writing. We will also outline the time required, the GDPR consultant team involved and the particular challenges of your compliance situation.

3. Kick-off workshop

The kick-off workshop should be attended by all key stakeholders of the client (typically technical, business and HR) to ensure the project has support and buy-in from all the departments required. During the kick-off workshop we will present the stakeholders with the high-level project plan and a high-level explanation of the particular effects of the GDPR on the business model, business processes and data processing activities. We will use this engagement stage to discover how the business is structured and who the key players are that we will need to engage with during the 1-on-1 deep dive stage. The kick-off workshop is typically a half-day engagement, depending on the complexity of the business, systems and technology.

4. 1-on-1 deep dive sessions

After we have identified the key points of contact for GDPR compliance during the kick-off workshop, we schedule and spend time with those who can inform us in depth about business and technical processes. This will include reviewing any available data protection documentation, in-depth exploration of business processes and communication, and looking at some of the data collection and processing systems as well as the actual data being collected. These sessions are normally in person and may have one or more follow-up calls in case certain aspects are unclear.

Engagement type: In person at your office, follow-up phone calls.

5. Research

During the research stage we will get into the details of the particular challenges in the compliance situation, seek clarification for complicated matters and consult with our internal experts and external advisors where needed.

6. Report writing

The last stage of the compliance project is for us to produce a report about your situation, the desired situation, and the top priorities to address for GDPR compliance. This GAP report and remediation plan will help to make decisions about which aspects to approach first and how to execute, outsource and prioritize this work.

Our Approach to GDPR Compliance

TechGDPR believes that GDPR compliance is most easily reached through an in-depth and holistic understanding of the 3 main areas: Technology, Business and Legal.

Technology

Regardless of whether you are working with highly complex blockchain environments or a fairly simple app backed by cloud infrastructure, it is important to evaluate the stack and providers used and ensure that data is secured to an appropriate standard, for example by using encryption, two-factor authentication or other technological means.

Business

To reach a compliant state without impacting the business model unreasonably, it is important to go through an in-depth evaluation of that model in relation to the privacy rights of individuals. Sometimes a (slight) adjustment may be required in order to comply with the GDPR. We help you discover the least intrusive options.

Legal

As part of the GDPR compliance procedure you will need to produce or update some legal documents, including contracts, non-disclosure agreements, Data Processing Agreements and your Privacy Policy. While TechGDPR can help you with some of these, others will require the help of a legal professional.

 
