Fast Track Your GDPR Compliance Efforts

Quickly address regulatory requirements, even after the deadline.

Your Challenge

  • Organizations often tackle compliance efforts in an ad hoc manner, resulting in an ineffective use of resources.
  • The alignment of business objectives, information security, and data privacy is new for many organizations, and it can seem overwhelming.
  • GDPR is an EU regulation that has global implications; it likely applies to your organization more than you think.

Our Advice

Critical Insight

  • Financial impact isn’t simply fines. A data controller fined for GDPR non-compliance may sue its data processor for damages.
  • Even day-to-day activities may be considered processing. Screen-sharing from a remote location is considered processing if the data shown onscreen contains personal data!
  • This is not simply an IT problem. Organizations that address GDPR in a siloed approach will not be as successful as organizations that take a cross-functional approach.

Impact and Result

  • Follow a robust methodology that applies to any organization and aligns operational and situational GDPR scope. Info-Tech's framework allows organizations to tackle GDPR compliance in a right-sized, methodical approach.
  • Adhere to a core, complex GDPR requirement through the use of our documentation templates.
  • Understand how the risk of non-compliance is aligned to both your organization’s functions and data scope.
  • This blueprint will guide you through projects and steps that will result in quick wins for near-term compliance.

Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should fast track your GDPR compliance efforts, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

1. Understand your compliance requirements

Understand the breadth of the regulation’s requirements and document roles and responsibilities.

2. Define your GDPR scope

Define your GDPR scope and prioritize initiatives based on risk.

4. Align your data breach requirements and security program

Document your DPO decision and align security strategy to data privacy.

5. Prioritize your GDPR initiatives

Prioritize any initiatives driven out of Phases 1-4 and begin developing policies that help in the documentation effort.

Guided Implementations

This guided implementation is an eight-call advisory process.

Guided Implementation #1 - Understand your compliance requirements

Call #1 - Understand the regulation and general scope for your organization.

Guided Implementation #2 - Define your GDPR scope

Call #1 - Prioritize initiatives on the risk map.
Call #2 - Determine your operational or situational scope for each business unit.

Guided Implementation #3 - Satisfy documentation requirements

Call #1 - Review the record of processing.
Call #2 - Review legitimate interest assessments for key processing activities.

Guided Implementation #4 - Align your data breach requirements & security program

Call #1 - Review current incident response program.
Call #2 - Determine your need for a DPO and the alignment to your security strategy.

Guided Implementation #5 - Prioritize your GDPR initiatives

Call #1 - Review your GDPR project.

Onsite Workshop

Onsite workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost onsite delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

Module 1: Understand Your Compliance Requirements

The Purpose

  • Kick off the workshop; understand and define GDPR as it exists in your organizational context.

Key Benefits Achieved

  • Prioritize your business units based on GDPR risk.
  • Assign roles and responsibilities.

Activities and Outputs

1.1 Kick-off and introductions.

1.2 High-level overview of weekly activities and outcomes.

1.3 Identify and define GDPR initiative within your organization’s context.

1.4 Determine what actions have been done to prepare; how have regulations been handled in the past?

1.5 Identify key business units for GDPR committee.

1.6 Document business units and functions that are within scope.

1.7 Prioritize business units based on GDPR.
  • Output: Prioritized business units based on GDPR risk

1.8 Formalize stakeholder support.
  • Output: GDPR Compliance RACI Chart

Module 2: Define Your GDPR Scope

The Purpose

Know the rationale behind a record of processing.

Key Benefits Achieved

Determine who will own the record of processing.

Activities and Outputs

2.1 Understand the necessity for a record of processing.

2.2 Determine for each prioritized business unit: are you a controller or processor?

2.3 Develop a record of processing for most-critical business units.
  • Output: Initial record of processing: 1-2 activities

2.4 Perform legitimate interest assessments.
  • Output: Initial legitimate interest assessment: 1-2 activities

2.5 Document an iterative process for creating a record of processing.
  • Output: Determination of who will own the record of processing

Module 3: Satisfy Documentation Requirements and Align With Your Data Breach Requirements and Security Program

The Purpose

Review existing security controls and highlight potential requirements.

Key Benefits Achieved

Ensure the initiatives you’ll be working on align with existing controls and future goals.

Activities and Outputs

3.1 Determine the appetite to align the GDPR project to data classification and data discovery.

3.2 Discuss the benefits of data discovery and classification.

3.3 Review existing incident response plans and highlight gaps.
  • Output: Highlighted gaps in current incident response and security program controls

3.4 Review existing security controls and highlight potential requirements.

3.5 Review all initiatives highlighted during days 1-3.
  • Output: Documented all future initiatives

Module 4: Prioritize GDPR Initiatives

The Purpose

Review project plan and initiatives and prioritize.

Key Benefits Achieved

Finalize outputs of the workshop, with a strong understanding of next steps.

Activities and Outputs

4.1 Analyze the necessity for a data protection officer and document decision.

4.2 Review project plan and initiatives.

4.3 Prioritize all current initiatives based on regulatory compliance, cost, and ease to implement.
  • Output: GDPR framework and prioritized initiatives

4.4 Develop a data protection policy.
  • Output: Data Protection Policy

4.5 Finalize key deliverables created during the workshop.
  • Output: List of key tools

4.6 Present the GDPR project to key stakeholders.
  • Output: Communication plans

4.7 Workshop executive presentation and debrief.
  • Output: Workshop summary documentation