The primary goal of the methodology used is to support the customer in achieving full compliance with the GDPR, which therefore cannot ignore a good level of autonomy in data governance, which is required to comply with the principle of accountability.
Operationally, a fundamental assumption is the correct execution of a Gap Analysis (“GA”) that fully demonstrates the state of affairs of business treatment, both in substantial terms and in relation to current legislation: on the basis of a complete and correct GA, it will be possible to identify the necessary and appropriate interventions for a full compliance with the GDPR.
In the context of the complete adjustment path, the Customer must therefore be put in the condition:
1) to correctly collect the information needed for GA
2) to be an active part in the development of the first adjustment plan for the GDPR
3) to manage autonomously the continuous implementation of the GDPR.
The tools to operate in this sense will be provided through a preventive workshop activity – at the Customer’s office – performed by our Studio: training as a guide for a correct path of compliance.
During and following the interactive work done, will be made – with our assistance and supervision -, all the actions needed for a proper first mapping, functional to the GA.
At the conclusion of these activities, on the basis of the collected and organized information, our Studio will complete the collection of detail information possibly still missing and will carry out the analyses and evaluations to define the differences between the actual state of affairs and the desired level of compliance and to provide guidelines for possible macro solutions and assistance in the evaluation aimed at defining priorities for interventions.
At this point in the process, a new interactive phase (workshop) leads to predisposition – by the customer but with our assistance and supervision – of the first adjustment plan to the GDPR and makes the Customer independent in defining the details of the compliance path and the consequent continuous implementation plan: this puts the Customer in a position to be able to choose what kind of support to ask for external consultants for the implementation of specific interventions, possibly also selecting different ones (for example, for specific projects, contracts, technology).
The activity includes the implementation of guidelines for the revision and adjustment of documents, procedures and technical / organizational measures used by the Customer as well as a computerized infra-group privacy management system and a final report.
The activities described are also carried out using a proprietary software that the customer can access through a web interface.
Further details can be found in the attached tab.