DATA PRIVACY INCIDENT RESPONSE

Implement GDPR compliance via Incident Response Solution (Articles 33 & 34)

Your Business Need
An effective data breach incident response program to comply with the GDPR 72-hour rule and other obligations.

Our Deliverable
An incident management protocol customized to your needs, including:

  • Incident Intake Process
  • Escalation and Notification Path to know whom to notify and when
  • RACI with Stakeholder list and appropriate roles & responsibilities
  • Guidance on collaborating with vendors
  • Guidance on records and retention
  • Onsite instructor-led training and a mock incident for your stakeholders

How you benefit
Know how to respond when it matters most: know who is in charge, whom to notify and when.
Comply with GDPR Articles 33 and 34, including the 72-hour response timeframe.

PIA AND DPIA SOLUTIONS

Risk mitigation and privacy management solutions (Articles 35 & 36)

Your Business Need
Understanding privacy risk within your business and defining a repeatable method to identify high-risk processing of personal data when new initiatives or business ventures are started. An understanding of when to work with a Regulator on an EU Data Protection Impact Assessment (DPIA).

Our Deliverable
A risk management methodology, including:

  • A tiered risk assessment workflow starting with a Privacy Threshold Assessment (PTA) that identifies the need for a Privacy Impact Assessment (PIA) and then the requirements for a DPIA
  • Customized templates for risk assessments: PTA, PIA and DPIA
  • Risk Management Policy to document responsibilities within the business operations
  • RACI chart of stakeholders & responsibilities
  • Instructor-led training session for stakeholders

How you benefit
Compliant with GDPR risk management requirements under Articles 35 and 36. Understand privacy risk within your operations to mitigate risk and build privacy-by-design solutions.
Create a repeatable and fit-for-purpose approach that can be leveraged throughout the business.
Maintain a defensible position through the creation of records of regular risk assessments for European Regulator review.

DATA INVENTORIES AND DATA MAPPING

Understand your systems and processes to drive compliance (Article 30)

Your Business Need
GDPR requires you to have an inventory of all your personal data, including documentation of technical and organizational safeguards and data transfers to other countries. You need to be able to produce this up-to-date inventory to a Regulator at any time.

Our Deliverable
A data inventory of your personal data processing that analyzes and maps the personal data of your employees, customers, consumers and other third parties. An executive assessment report to help you understand your personal data holdings, any potential gaps, and our recommended solutions. Procedural support to keep the program evergreen.

How you benefit
Just-in-time compliance through an Article 30 report generated from your inventory. Helps you identify other GDPR requirements, for instance required security and organizational controls. Data maps drive the understanding of your personal data flows into the business. Maintaining the inventory helps you remain compliant and keeps the business engaged in privacy.

VENDOR AND 3RD PARTY MANAGEMENT

(Articles 24 & 40)

Your Business Need
Managing vendor compliance for GDPR and other privacy frameworks to ensure your vendors and business partners are not your weakest link. Understanding supply chain privacy risk and implementing controls to remain compliant in the long run.

Our Deliverable
A methodology to implement compliant third party vendor management, including:

  • An inventory of your vendors, including risk classification
  • An assessment of the contracts of your highest-risk vendors
  • Customized policies and procedures for vendor management throughout the third-party management (3PM) lifecycle
  • Instructor-led training session for stakeholders

How you benefit
Compliant with GDPR Articles 24 and 40: Understand and manage privacy and security risk within your supply chain for GDPR and other frameworks such as Privacy Shield. Create sustainable and compliant methods for managing vendor risk over time.

DATA SUBJECT RIGHTS

(Articles 12, 15-23)

Your Business Need
Ability to respond to employee or customer/consumer requests for personal data within the 30-day requirement stipulated in the GDPR.

Our Deliverable
An effective process for appropriately responding to Data Subject Rights (DSR) requests under the GDPR, including:

  • Policies and procedures for addressing data correction/deletion requests, data portability and the right to be forgotten
  • RACI to address internal and external requests
  • Practical Implementation Guidance

How you benefit
Compliant with GDPR Data Subject Rights requirements of Articles 12-23: ability to promptly respond to requests from employees, customers, regulators and partners.