GDPR Compliance project

DPO Consulting supports you in making your data privacy compliance a true asset

By using a time-saving and efficient methodology, DPO Consulting can provide you with a complete overview of your GDPR compliance and offer you a tailor-made compliance action plan.

Thanks to our many experts and the number of clients we have supported, DPO Consulting can give you specific recommendations for every sector (clinical trials, e-commerce, industries, etc.).

Beyond their legal expertise, our consultants are able to understand your strategic and operational issues. We offer pragmatic solutions adapted to each challenge. By continuously improving our services, we are trying to optimise our methodology to provide you with better offers.

DPO Consulting is above all a gathering of dynamic, rigorous, and friendly professionals sharing their knowledge and experience.

DPO Consulting is a consultancy firm specialising in the protection of personal data whose objective is to help companies of any size with the compliance of their processing activities with the GDPR.

From the detection of non-conformity to the day-to-day support, DPO Consulting’s teams will be here for you to make your GDPR compliance a true competitive asset.

Our approach

Step 1

Assess your compliance level

Identify and analyse the gap

Map the processing activities

Analyse the processing

Create a compliance action plan

Step 2

The compliance action plan

Identify the roles and responsibilities (RACI)

Determine the cost of the programme

Validate the budget with management

Set up a project team

Step 3

Start the compliance

Nominate a DPO

Implement the action plan

Modify the processing activities

Step 4

Keep the compliance up to date

Ensure the change of governance between the project and the run phase

Schedule regular meetings to ensure the effectiveness of the compliance

Document and validate new projects

Train the employees

GDPR and compliance

What is the impact?

The regulation has been drafted to increase the protection of personal data and the privacy of EU residents as well as to facilitate administrative declarations for international companies. Compliance with the GDPR and the different legislation must be the priority of companies using or collecting personal data of EU residents.

In order to comply with the GDPR, every company has to map every processing activity. Whatever the technology used, it is of utmost importance to identify and audit all sensitive data stored and used by your company. Transparent access to the source of data facilitates the evaluation and management of risks regarding both the confidentiality and the integrity of the data. Moreover, companies are obliged to be able to locate the origin and use of any personal data they have.

A company must audit all its data to identify the personal information in every database, application, piece of software, etc. Personal data could be stored in structured or unstructured databases. Thus, the data controller or the DPO, if the mission was entrusted to them, must extract, classify and map personal data such as name, email address, and social security number. Depending on the amount of data used, this process could be hard to handle without an expert. Besides the mapping of personal data by level of risk, an analysis of the pertinence, the quality or the retention period must be carried out.

To comply with the GDPR, the confidentiality rules must be documented (for example the management of clearances) and shared within the company. It is the best way to ensure that personal data is accessible only to authorised employees.

Once the mapping of the personal data is completed, a level of protection adapted to each category of personal data must be decided. To comply with the GDPR, at least 3 techniques could be used to ensure the protection of personal data: encrypting, pseudonymising and anonymising. It is mandatory to use an appropriate technique depending on users’ rights and the context of use without compromising the growing need for analysis, forecasting, portability, query and reporting.

The last step is to create a compliance action plan including the costs and managing the responsibilities of the different actions between each department/direction. Indeed, all the departments/directions (HR, Marketing, Legal, IT, etc.) are concerned by the GDPR and would have to be involved in the implementation of the action plan.

Tailor-made coaching by our privacy experts

Recommendations adapted to your needs and business.