top of page

GDPR preparation - consulting

We have reached a new stage of preparation for the European Union's requirements for the management of personal data (GDPR). At the introduction in 2018, many people only completed preparations that deserved a grade below two. There are also organizations that have not prepared the mandatory documentation even since then. Many laws, such as the Info Act, the Labor Code, the Act on Camera Systems, etc. has changed since the introduction of the GDPR, which necessitates the updating of GDPR documentation on several occasions.

 

The organizations applying the GDPR themselves went through a number of changes, developments and downsizing during the 2018 introduction, opened a web store, started online education or system subscription organization and started using cloud services in their IT system._cc781905-5cde-3194-bb3b- 136bad5cf58d_

 

All these changes require immediate changes in the organizations' GDPR documentation and published data management information.

 

Not yet prepared to comply with data protection regulations? Did you receive feedback from stakeholders, customers, and partners that GDPR preparation was not complete? Are your customers increasingly sending questionnaires about GDPR readiness? Maybe you are disappointed with the preparation consultant? 

 

Then you are looking for us!

 

Full GDPR review and preparation as part of our consulting service:

  • Revising, supplementing and writing the regulations

  • The establishment and review of mandatory records meet the requirements of the GDPR

  • Preparation of the necessary subcontractor (data processing) contracts

  • Review of the IT system according to GDPR

  • Reviewing and, if necessary, documenting the application of data management processes

 

We help prepare your organization to meet the requirements of the GDPR regulation!

 

Our preparation methodology

Survey and action plan 

  • GDPR training for employees – After training, speaking the same language can greatly increase the effectiveness of the survey.

  • We assess the areas of your organization relevant to the GDPR. 

  • Identification of data management processes, actors and preparation of data management records.

  • Exploring organizational relationships (between organizational departments) from the point of view of data management processes.

  • Identification of the roles of the subcontractor and partners as data processors or joint data controllers.

  • Review of data management and storage in IT systems.

  • Assessment and documentation of processed data.

 

After the survey, we prepare an action plan and executive summary based on the GDPR regulation.

Implementation Phase I -
Creation of data management registers

Creation of a data management register of data management processes in accordance with the requirements of the GDPR regulation: 

  • Determination of the purpose and legal basis of processes and the planned deadline for data management;

  •  Development of data management information in accordance with the GDPR regulation;

  • Definition of data management roles (Data manager, inside and outside the data processing organization);

  •  Development of a data management policy;

  • Regulation of incident proceedings and creation of record documentation;

  • Business decision support workshop - to deal with data management anomalies;

  • Documentation of the affected complaint handling (data request, protest, restriction, cancellation cancellation) processes.

Implementation II. phase - Interest assessments and Impact assessments 

  • Performing a risk analysis of stopped data management processes.

  • Based on the risk analysis, in the necessary cases, documenting the Impact Assessment in the DPIA system recommended by NAIH.

  • In the case of legal grounds of legitimate interest, carrying out and documenting interest assessment tests in accordance with official recommendations.

Implementation III. phase -
Examination of existing databases

  • Review and validation of existing databases.

  • Business decision support workshop on the use of existing databases.

  • Assessment of treatment options and risks.

  • Negotiating an action plan on the changed processes and the necessary tasks to be performed.

  • Implementation of the final GDPR documentation system and work processes, and consulting support for this if required.

Why Gill & Murry?

We have more than 20 years of information security and management experience.

We have already participated in several GDPR preparations and are constantly preparing organizations in several areas of industry, trade, manufacturing, logistics, and the public sector.

 

During GDPR preparation, we look for solutions from a business point of view that do not hinder the basic activities of the organization or can be introduced with the smallest possible changes, but meet the requirements of the GDPR.

bottom of page