Our mission: Enable a secure and sustainable digital transformation.
Steps to establish and maintain compliance
When faced with the task of GDPR compliance, many companies feel they don’t know where to start. Even those who have started often feel unsure of how to progress further.
There are four cyclic steps to establish and maintain GDPR compliance, and Enobyte can help your company at any stage of the cycle.
Step 1: Assessment
Online Questionnaire and Gap Analysis Report
The very first step towards compliance is to do a full review of your company against the requirements of GDPR. With our Online Assessment, you can access and begin working on this first step immediately, at your convenience.
Using our in-depth, tailored questionnaire of more than 200 questions, we examine the type of data, scope, size, context and purposes of your company’s data processing activities, along with the data protection measures your company already has in place. You then receive a concise gap analysis that identifies individual risk levels, along with pragmatic recommendations for legal, technical and organizational implementation.
We are happy to provide IT expert advice based on industry-standard best practices such as ISO 27001, as well as implementation recommendations relevant to your company’s requirements.
Step 2: Organizational measures
Solutions for internal and external interactions
GDPR Art. 32 requires companies to implement “Technical and Organizational Measures” (TOM) appropriate to the risk of the processing. We identify these from the gap analysis described in step 1, then help your company fill in the missing elements of your external and internal documents and processes. We also provide practical tools to support this.
Customer-Facing Requirements:
- Privacy notices tailored to your company activities, websites and apps
- Cookie policies for your company website
- Privacy notices and cookie policies provided in German, Japanese and English
- EU Representative (according to Art. 27 GDPR)
- Creation of mandatory documentation (such as records of processing activities, guidelines and policies relevant to the company’s risk levels and industry standards)
- Online training for employees
- Compliance management system software for documentation and employee on-boarding
- Certified Data Protection Officer (DPO)
Step 3: Technical Measures
IT solutions, data protection and security
Only after the foundations have been laid with the organisational measures can the technical measures be implemented. For this step of the process, we help you with the following:
- Risk assessment of technical systems, processes and operations (Data Protection Impact Assessment, DPIA)
- Guidance on implementing management systems (Data Protection Management Systems, DPMS; Information Security Management Systems, ISMS)
- Defining goals for IT systems to ensure information security’s key triad: confidentiality, integrity and availability of data
Step 4: Daily Operations
IT standards are continually evolving as new forms of data breaches and abuse emerge. Since GDPR emphasises risk-based data protection, compliance is also a living, evolving way of operating a business. Furthermore, data breaches, enquiries from data subjects and even spot-checks by data protection authorities can occur at any time. We help your company stay on top of compliance through the following services and tools:
- External DPO and/or EU representative
- Setting up a secure DPO communication channel
- Handling requests and inquiries from your customers
- Handling questions and requests from your company
- Monitoring GDPR developments and update reports
As mentioned, compliance is not an end destination but a continual process. Our DPOs keep a close eye on technical and regulatory developments on your company’s behalf, continually assessing your compliance status and making sure your operations are always up to date.
Get in touch
More than 100 companies already trust Enobyte. We look forward to hearing from you.