Get Instant Access
to This Blueprint

Security icon

Fast Track Your GDPR Compliance Efforts

Quickly address regulatory requirements, even after the deadline.

  • Organizations often tackle compliance efforts in an ad hoc manner, resulting in an ineffective use of resources.
  • The alignment of business objectives, information security, and data privacy is new for many organizations, and it can seem overwhelming.
  • GDPR is an EU regulation that has global implications; it likely applies to your organization more than you think.

Our Advice

Critical Insight

  • Financial impact isn’t simply fines. A data controller fined for GDPR non-compliance may sue its data processor for damage.
  • Even day-to-day activities may be considered processing. Screen-sharing from a remote location is considered processing if the data shown onscreen contains personal data!
  • This is not simply an IT problem. Organizations that address GDPR in a siloed approach will not be as successful as organizations that take a cross-functional approach.

Impact and Result

  • Follow a robust methodology that applies to any organization and aligns operational and situational GDPR scope. Info-Tech's framework allows organizations to tackle GDPR compliance in a right-sized, methodical approach.
  • Adhere to a core, complex GDPR requirement through the use of our documentation templates.
  • Understand how the risk of non-compliance is aligned to both your organization’s functions and data scope.
  • This blueprint will guide you through projects and steps that will result in quick wins for near-term compliance.

Fast Track Your GDPR Compliance Efforts

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should fast track your GDPR compliance efforts, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

1. Understand your compliance requirements

Understand the breadth of the regulation’s requirements and document roles and responsibilities.

2. Define your GDPR scope

Define your GDPR scope and prioritize initiatives based on risk.

4. Align your data breach requirements and security program

Document your DPO decision and align security strategy to data privacy.

5. Prioritize your GDPR initiatives

Prioritize any initiatives driven out of Phases 1-4 and begin developing policies that help in the documentation effort.


Member Testimonials

After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.

10.0/10


Overall Impact

$61,999


Average $ Saved

35


Average Days Saved

Client

Experience

Impact

$ Saved

Days Saved

Wiss, Janney, Elstner Associates, Inc.

Guided Implementation

10/10

N/A

20

Wiss, Janney, Elstner Associates, Inc.

Guided Implementation

10/10

$61,999

50

Helmerich & Payne, Inc.

Workshop

9/10

$30,999

110

The Task Force for Global Health

Guided Implementation

10/10

$12,742

5

Citron Hygiene

Guided Implementation

10/10

$2,000

2

The American Institute of Architects

Workshop

9/10

$117K

44

Werner Co.

Workshop

10/10

$63,667

20

ChoiceTel

Guided Implementation

10/10

$1.12M

20

ATS Automation Tooling Systems Inc

Guided Implementation

10/10

$10,000

10

The American Waterways Operators

Guided Implementation

10/10

$5,093

10

Packaging Machinery Manufacturers Institute

Guided Implementation

9/10

N/A

N/A

ABP Induction

Guided Implementation

6/10

N/A

N/A

Pita Pit Limited

Guided Implementation

10/10

$9,000

50

Starwood Capital Group

Guided Implementation

10/10

$127K

20

Ecore International

Guided Implementation

7/10

N/A

N/A

Werner Co.

Guided Implementation

9/10

$70,034

23

Sodexo - Europe

Guided Implementation

8/10

N/A

N/A


Onsite Workshop: Fast Track Your GDPR Compliance Efforts

Onsite workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost onsite delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

Module 1: Understand Your Compliance Requirements

The Purpose

  • Kick-off the workshop; understand and define GDPR as it exists in your organizational context.

Key Benefits Achieved

  • Prioritize your business units based on GDPR risk.
  • Assign roles and responsibilities.

Activities

Outputs

1.1

Kick-off and introductions.

1.2

High-level overview of weekly activities and outcomes.

1.3

Identify and define GDPR initiative within your organization’s context.

1.4

Determine what actions have been done to prepare; how have regulations been handled in the past?

1.5

Identify key business units for GDPR committee.

1.6

Document business units and functions that are within scope.

1.7

Prioritize business units based on GDPR.

  • Prioritized business units based on GDPR risk
1.8

Formalize stakeholder support.

  • GDPR Compliance RACI Chart

Module 2: Define Your GDPR Scope

The Purpose

Know the rationale behind a record of processing.

Key Benefits Achieved

Determine who will own the record of processing.

Activities

Outputs

2.1

Understand the necessity for a record of processing.

2.2

Determine for each prioritized business unit: are you a controller or processor?

2.3

Develop a record of processing for most-critical business units.

  • Initial record of processing: 1-2 activities
2.4

Perform legitimate interest assessments.

  • Initial legitimate interest assessment: 1-2 activities
2.5

Document an iterative process for creating a record of processing.

  • Determination of who will own the record of processing

Module 3: Satisfy Documentation Requirements and Align With Your Data Breach Requirements and Security Program

The Purpose

Review existing security controls and highlight potential requirements.

Key Benefits Achieved

Ensure the initiatives you’ll be working on align with existing controls and future goals.

Activities

Outputs

3.1

Determine the appetite to align the GDPR project to data classification and data discovery.

3.2

Discuss the benefits of data discovery and classification.

3.3

Review existing incident response plans and highlight gaps.

  • Highlighted gaps in current incident response and security program controls
3.4

Review existing security controls and highlight potential requirements.

3.5

Review all initiatives highlighted during days 1-3.

  • Documented all future initiatives

Module 4: Prioritize GDPR Initiatives

The Purpose

Review project plan and initiatives and prioritize.

Key Benefits Achieved

Finalize outputs of the workshop, with a strong understanding of next steps.

Activities

Outputs

4.1

Analyze the necessity for a data protection officer and document decision.

4.2

Review project plan and initiatives.

4.3

Prioritize all current initiatives based on regulatory compliance, cost, and ease to implement.

  • GDPR framework and prioritized initiatives
4.4

Develop a data protection policy.

  • Data Protection Policy
4.5

Finalize key deliverables created during the workshop.

  • List of key tools
4.6

Present the GDPR project to key stakeholders.

  • Communication plans
4.7

Workshop executive presentation and debrief.

  • Workshop summary documentation

About Info-Tech

Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.

We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.

Member Rating

10.0/10
Overall Impact

$61,999
Average $ Saved

35
Average Days Saved

After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.

Read what our members are saying

What Is a Blueprint?

A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.

Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.

Need Extra Help?
Try Our Guided Implementations

Get the help you need in this 5-phase advisory process. You'll receive 8 touchpoints with our researchers, all included in your membership.

Guided Implementation #1 - Understand your compliance requirements
  • Call #1 - Understand the regulation and general scope for your organization.

Guided Implementation #2 - Define your GDPR scope
  • Call #1 - Prioritize initiatives on the risk map.
  • Call #2 - Determine your operational or situational scope for each business unit.

Guided Implementation #3 - Satisfy documentation requirements
  • Call #1 - Review the record of processing.
  • Call #2 - Review legitimate interest assessments for key processing activities.

Guided Implementation #4 - Align your data breach requirements & security program
  • Call #1 - Review current incident response program.
  • Call #2 - Determine your need for a DPO and the alignment to your security strategy.

Guided Implementation #5 - Prioritize your GDPR initiatives
  • Call #1 - Review your GDPR project.

Author(s)

Aaron Shum

Visit our COVID-19 Resource Center and our Cost Management Center
Over 100 analysts waiting to take your call right now: 1-519-432-3550 x2019