GDPR Implementation Service

GDPR is all about protecting personal data – and it’s not just changing the landscape of regulated data protection law, but the way that companies collect and manage personal data. It is an evolution of the EU’s existing data rules, the Data Protection Directive (DPD). It addresses many of the shortcomings in the DPD: adding requirements for documenting IT procedures, performing risk assessments under certain conditions, notifying the consumer and authorities when there is a breach, and strengthening rules for data minimization.

Our GDPR guide puts forward a GDPR implementation methodology designed to:

• Engage stakeholders to ensure timely and efficient organizational readiness for GDPR.

• Implement effective procedures that embed GDPR-compliant operational behaviors.

• Establish assurance criterion that will sustain and evidence GDPR accountability.

The methodology consists of a three phases (Prepare, Operate, Maintain), with each incorporating a number of supporting activities. The objective defined for each phase is attained once all of the activities for that phase have been successfully executed.

Phase I: Prepare

Ensure stakeholder engagement and organisational readiness for GDPR

Phase II: Operate

Implement effective procedures that embed GDPR compliant operational behaviours

Phase III: Maintain

Deliver assurance and evidence of on-going GDPR accountability