1. GDPR quick-check
Our GDPR consulting engagement starts with an impact and scope call or meeting with one of our data protection consultants. In this 30-60 minute session we will explore your company, your product and the challenges specific to your situation. We run through a series of standardized questions and draw on our in-depth experience with the technology to ask for more detail on the most important aspects. Based on this information we can give you a high-level overview of the challenges and concerns by email.
Using the information provided in the impact and scope call or meeting, we are able to give you a fixed-price proposal for the first stage of your compliance process, including the kick-off workshop, 1-on-1 deep dive meetings, in-depth research and report writing. We will also outline the time required, the GDPR consultant team involved and the particular challenges of your compliance situation.
3. Kick-off workshop
The kick-off workshop should be attended by all key stakeholders of the client (typically technical, business and HR) to ensure the project has support and buy-in from all the required departments. During the kick-off workshop we will present the stakeholders with the high-level project plan and a high-level explanation of the particular effects of the GDPR on the business model, business processes and data processing activities. We will use this engagement stage to discover how the business is structured and who the key players are that we will need to engage with during the 1-on-1 deep dive stage. The kick-off workshop is typically a half-day engagement, depending on the complexity of the business, systems and technology.
4. 1-on-1 deep dive sessions
After we have identified the key points of contact for GDPR compliance during the kick-off workshop, we schedule and spend time with those who can inform us in depth about business and technical processes. This will include reviewing any available data protection documentation, in-depth exploration of business processes and communication, and looking at some of the data collection and processing systems as well as the actual data being collected. These sessions are normally in person and may have one or more follow-up calls in case certain aspects are unclear.
Engagement type: In person at your office, follow-up phone calls.
During the research stage we will get into the details of the particular challenges in the compliance situation, seek clarification for complicated matters and consult with our internal experts and external advisors where needed.
6. Report writing
The last stage of the compliance project is for us to produce a report about your situation, the desired situation, and the top priorities to address for GDPR compliance. This GAP report and remediation plan will help to make decisions about which aspects to approach first and how to execute, outsource and prioritize this work.
Our Approach to GDPR Compliance
TechGDPR believes that GDPR compliance is most easily reached through an in-depth and holistic understanding of the 3 main areas, Technology, Business and Legal:
Whether you are working with highly complex blockchain environments or a fairly simple app backed by cloud infrastructure, it is important to evaluate the stack and providers used and ensure that data is secured to an appropriate standard, for example by using encryption, two-factor authentication or other technological means.
To reach a compliant state without impacting the business model unreasonably, it is important to go through an in-depth evaluation of these in relation to the privacy rights of individuals. Sometimes a (slight) adjustment may be required in order to comply with the GDPR. We help you discover the least intrusive options.
To learn more about GDPR training, workshops, keynotes and webinars.
Or call us directly at +49 (0)30 5490 8661