TechGDPR

GDPR Consulting Engagement Process

How TechGDPR engages with clients throughout the consulting process.

1. Free GDPR Quick-Check Call

Our process begins with a quick check a phone call or meeting with one of our data protection consultants. In this free 30-minute session, TechGDPR will learn about your company, products and services, and ask about the specific challenges your company may be facing. TechGDPR runs through a series of standardized questions combined with our in-depth experience in the technology to identify and prioritize the most urgent issues. Based on this information we can give you a high-level overview of the challenges and concerns by email.

2. Proposal

Using the information provided in quick-check call or meeting, TechGDPR offers a fixed-price proposal for the first stage of your compliance process, including a kick-off workshop, 1-on-1 deep-dive meetings, in-depth research, and report writing. The proposal will also outline the timeline, the GDPR consultants involved, and the particular challenges of your company’s compliance situation.

3. Kick-off Workshop

The kick-off workshop should be attended by all key stakeholders (typically technical, business, and HR) within the company to ensure the project has support and buy-in from all relevant departments. During the kick-off workshop, TechGDPR will present stakeholders with the high-level project plan, a high-level explanation of the particular effects of the GDPR on the business model, business processes, and data processing activities. TechGDPR uses this engagement stage to discover how the business is structured and which employees should be contacted during the 1-on-1 deep-dive stage. The kick-off workshop is typically one half day, depending on the complexity of the business, systems, and technology.

4. 1-on-1 Deep-Dive Sessions

After TechGDPR has identified the key participants for GDPR compliance during the kick-off workshop, we schedule and meet with those who can inform us about business and technical processes in depth. This will include reviewing any available data protection documentation, in-depth exploration of business processes and communication, and looking at some of the data collection and processing systems, as well as the actual data being collected. These sessions are normally in person and may have one or more follow-up calls when certain aspects need clarification.

5. Research

During the research stage, TechGDPR will further investigate the details of challenges in your company’s particular compliance situation, seek clarification for complicated matters, and consult with our internal experts and external advisors as needed.

6. Report Writing

The last stage of the compliance process is delivering a GAP report about your company’s current situation, targets outcomes, and the top priorities to address  GDPR compliance. This report and remediation plan will help your company identify which aspects to approach first and how to execute, outsource, and prioritize this work.

Our Approach to GDPR Compliance

TechGDPR believes that GDPR compliance can be reached easiest through an in-depth and holistic understanding of the three main areas: technology, business, and legal.

Technology

Regardless if you are working with highly complex blockchain environments or a fairly simple app backed by cloud infrastructure, it is important to evaluate the stack and providers used to ensure that data is secured to an appropriate standard, such as using encryption, two-factor authentication, or other technological means.

Business

In order to reach a compliant state without impacting the business model unreasonably, it is important to go through an in-depth evaluation of data collection and processing in relation to the privacy rights of individuals. Sometimes a (slight) adjustment may be required in order to comply to the GDPR. TechGDPR helps you identify the least intrusive options.

Legal

As part of the GDPR compliance procedure, your company will need to produce or update some legal documents, including contracts, non-disclosure-agreements, data processing agreements and privacy policy. While TechGDPR can help you with some of these, others will require the help of a legal professional.

 

Learn more about our engagement process and approach to compliance.