Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Understand the breadth of the regulation’s requirements and document roles and responsibilities.
Define your GDPR scope and prioritize initiatives based on risk.
Understand the requirements for a record of processing and determine who will own it.
Document your DPO decision and align security strategy to data privacy.
Prioritize any initiatives driven out of Phases 1-4 and begin developing policies that help in the documentation effort.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Kick off the workshop; understand and define GDPR as it exists in your organizational context.
Prioritize your business units based on GDPR risk.
Assign roles and responsibilities.
1.1 Kick-off and introductions.
1.2 High-level overview of weekly activities and outcomes.
1.3 Identify and define GDPR initiative within your organization’s context.
1.4 Determine what actions have already been taken to prepare and how regulations have been handled in the past.
1.5 Identify key business units for GDPR committee.
1.6 Document business units and functions that are within scope.
1.7 Prioritize business units based on GDPR.
1.8 Formalize stakeholder support.
Prioritized business units based on GDPR risk
GDPR Compliance RACI Chart
Know the rationale behind a record of processing.
Determine who will own the record of processing.
2.1 Understand the necessity for a record of processing.
2.2 Determine for each prioritized business unit: are you a controller or processor?
2.3 Develop a record of processing for most-critical business units.
2.4 Perform legitimate interest assessments.
2.5 Document an iterative process for creating a record of processing.
Initial record of processing: 1-2 activities
Initial legitimate interest assessment: 1-2 activities
Determination of who will own the record of processing
Review existing security controls and highlight potential requirements.
Ensure the initiatives you’ll be working on align with existing controls and future goals.
3.1 Determine the appetite to align the GDPR project to data classification and data discovery.
3.2 Discuss the benefits of data discovery and classification.
3.3 Review existing incident response plans and highlight gaps.
3.4 Review existing security controls and highlight potential requirements.
3.5 Review all initiatives highlighted during days 1-3.
Highlighted gaps in current incident response and security program controls
Documented all future initiatives
Review project plan and initiatives and prioritize.
Finalize outputs of the workshop, with a strong understanding of next steps.
4.1 Analyze the necessity for a data protection officer and document decision.
4.2 Review project plan and initiatives.
4.3 Prioritize all current initiatives based on regulatory compliance, cost, and ease of implementation.
4.4 Develop a data protection policy.
4.5 Finalize key deliverables created during the workshop.
4.6 Present the GDPR project to key stakeholders.
4.7 Workshop executive presentation and debrief.
GDPR framework and prioritized initiatives
Data Protection Policy
List of key tools
Communication plans
Workshop summary documentation