The General Data Protection Regulation ("GDPR") is a regulation of the European Parliament, the Council of the European Union, and the European Commission intended to strengthen and unify data protection for all individuals ("data subjects") within the European Union ("EU"). It also applies to organizations outside the EU that target EU residents, for both commercial and non-commercial activities.
Our GDPR Jumpstart™ engagement focuses on setting the tone and direction of your GDPR Compliance Initiative ("GCI") so that you meet as many requirements as possible in the shortest period of time. This service reviews your "As Is" state and helps guide your named Data Protection Officer (or Representative) toward your organization's desired "To Be" state of GDPR compliance.
What does it cover?
Discusses your policies, procedures, and tracking mechanisms pertinent to all GDPR requirements and helps you implement them. These steps ensure that, from a legal perspective, your organization could, at a minimum, survive an audit by a Supervisory Authority. Moreover, they protect the organization's operational environment in a manner that preserves its brand and goodwill.
- Ensure that your organization has a named and qualified Data Protection Officer or Representative;
- Audit your "As Is" state of GDPR compliance;
- Perform "Gap Analysis" between your "As Is" and your "To Be" GDPR compliance states;
- Discuss/Implement plan to gather and Inventory Personal Data across applications, devices, locations, etc.;
- Discuss/Implement plan to launch your Risk Management Program;
- Discuss/perform baseline Risk Assessment(s) as required;
- Discuss/Implement Tracking of Security Incidents;
- Discuss/Implement policies and processes for honoring Data Subject rights: (1) access to Personal Data; (2) modification (rectification) of Personal Data; (3) erasure of Personal Data ("right to be forgotten"); and the rest of the "Data Subject's Bill of Rights";
- Discuss/Implement policies and processes for data backups and the disaster recovery plan ("data resiliency");
- Discuss/Implement policies and processes for the encryption of Personal Data (limiting the impact of a breach);
- Discuss/Implement a Data Subject Breach Notification Plan;
- Discuss/Implement policies and processes for authenticating Data Subjects before acting on their access, modification, or erasure requests;
- Discuss/Implement policies and processes for the destruction of Personal Data (i.e. disposal); and
- Discuss/Develop/Launch plan for GDPR full compliance.
What does it cost?
The cost of our Fixed Fee package is $9,750.00 USD and time boxed at fifteen (30) hours.
What are the deliverables?
As stated above, the deliverables (in part) are: (1) the policies and procedures enumerated above, fully discussed, understood, and implemented within your organization; (2) complete and actionable Risk Assessment(s), implemented as required; and (3) a GDPR remediation plan to put your organization on the road to full compliance.
Why should an organization audit their "As Is" GDPR Operational Environment?
Think of it as a kind of insurance policy. It is now widely understood that a significant breach of protected information will cause large-scale financial and reputational damage to your organization (think Target). Our GDPR Jumpstart™ helps you reduce identified risks to levels that are "reasonable and appropriate" for an organization of your size and complexity.
What parts of your organization are reviewed?
Our GDPR Jumpstart™ reviews one Profit & Loss center within your organization.
What is not covered?
Our GDPR Jumpstart™ produces a Remediation Plan as one of its deliverables. However, actual remediation can be an open-ended project whose cost is NOT included in the Fixed Fee offering and which is largely (almost exclusively) the responsibility of the organization.