- Our GDPR Readiness service helps companies comply with the General Data Protection Regulation.
- We’ll examine your company’s data processing workflows, identify GDPR compliance gaps, and advise on how to become compliant.
- During GDPR Readiness, Vicis Law will:
- Understand and document the company’s organizational structure in relation to GDPR; assess and document privacy-related policies.
- Assess your current data privacy posture under all of the GDPR provisions. Discover where protected information is located in your enterprise and affected systems.
- Identify the data that is currently in and out of scope of GDPR; assist in building data flows/data maps to ensure all data is brought within the scope of GDPR compliance.
- Identify and document data and information assets; assess and determine a proposed classification level for each identified data and information asset.
- Identify and document impacted data processing workflows.
- Evaluate controller or processor governance and the need for an EU representative and/or a Data Protection Officer (DPO).
- Determine EU Lead Supervisory Authority, if applicable.
- Review GDPR enterprise conformance programs such as data use, consent activities, data subject requests.
- Assess data subject rights to consent, access, correct, delete, and transfer personal data.
- Document control design against specific GDPR articles.
- Data Security: develop processes to ensure appropriate security measures are established for compliance with Article 32 – Security of Personal Data/Security of Processing.
- Data Portability: develop processes to ensure compliance with Article 20 – Right to data portability.
- Data Erasure: develop processes to ensure compliance with Article 17 – Right to be forgotten.
- Data Breaches: develop processes to ensure compliance with Article 33 – Notification of a personal data breach to the supervisory authority and Article 34 – Communication of a personal data breach to the data subject.
- A final GDPR Readiness report will be provided detailing observations and compliance gaps and will include a GDPR roadmap and implementation plan. Where policy and procedural gaps are found, company-specific custom policies and business processes will be designed and provided.