Steps to establish and maintain compliance
When faced with the task of GDPR compliance, many companies feel they don’t know where to start. Even those who have started often feel unsure how to progress further.
There are four cyclic steps to establish and maintain GDPR compliance, and Enobyte can help your company at any stage of the cycle.
Step 1: Assessment
Online Questionnaire and Gap Analysis Report
The very first step towards compliance is to do a full review of your company against the requirements of GDPR. With our Online Assessment questionnaire, you can access and begin working on this first step immediately, at your convenience.
The questionnaire examines the type of data, scope, size, context and purposes of the company’s data processing activities, along with the measures the company already has in place for data protection. You will then receive a concise gap analysis identifying the risk level of each gap.
You will also be given IT expert advice based on industry-standard best practices, and recommendations for implementation relevant to your company’s risk levels.
Step 2: Organisational measures
Solutions for internal and external interactions
GDPR requires companies to implement “technical and organisational measures” appropriate to the risk of processing. We identify these from the gap analysis described in step 1, then help your company fill the missing elements in your external and internal documents and processes. We also provide practical tools to support this.
Customer-Facing Requirements:
- privacy notices tailored to your company activities, websites and apps
- cookie policies for your company website
- privacy notices and cookie policies provided in German, Japanese and English
- EU Representative (according to Art. 27 GDPR)
- creation of mandatory documentation (such as records of processing activities, guidelines and policies relevant to the company’s risk levels and industry standards)
- online training for employees
- compliance management system software for documentation and employee on-boarding
- certified Data Protection Officer (DPO)
Step 3: Technical Measures
IT solutions, data protection and security
Only after the foundations have been laid with the organisational measures can the technical measures be implemented. For this step of the process, we help you with the following:
- risk assessment of technical systems, processes and operations (Data Protection Impact Assessment, DPIA)
- guidance on implementing management systems (Data Protection Management Systems, DPMS; Information Security Management Systems, ISMS)
- defining protection goals for IT systems that cover the information security triad: confidentiality, integrity and availability of data
Step 4: Daily Operations
IT standards are continually evolving as new forms of data breaches and abuse emerge. Since GDPR bases data protection on risk, compliance is likewise a living, evolving way of operating a business. Furthermore, data breaches, enquiries from data subjects and even spot-checks by data protection authorities can occur at any time. We help your company stay on top of compliance through the following services and tools:
- external DPO or EU representative
- encrypted DPO communication channel
- handling of requests and inquiries from your customers
- handling of questions and requests from your company
- monitoring GDPR developments and update reports
As mentioned, compliance is not an end destination but a continual process. Our DPOs keep a close eye on technical and regulatory developments relevant to your company, continually reassess your compliance status, and make sure your operations stay up to date.