Here we undertake a thorough assessment of scope of GDPR applicability. We determine the assets required to be GDPR compliant and the business portion which has to be excluded.
It includes asset identification, risk assessment, and existing control identification. Based on basic tenets of GDPR, we decide the cost-effective measures for achieving data privacy and security. A detailed implementation plan is carried out.
Implementation stage involves mapping data flows in and out of the organisation, establishing policies and procedures to generate lines of accountability and maintaining a system of checks-and-balances to ensure compliance with GDPR.
Under this phase conduct Privacy Impact Assessment (PIA) and Data Protection Audits (DPA) via seminars, workshops, questionnaires, PIA frameworks and onsite inspections.
Certification process It is carried out by independent auditors (generally a US-based CPA), not by the implementers. We help you find suitable auditor for the certification process and help throughout the process.