GDPR PROFESSIONAL PACK CONSULTANCY
GDPR PROFESSIONAL PACK CONSULTANCY
Designed for companies with over 50 employees, which process sensitive data and have an online shop.
| No. | Activity | Deliverable |
|---|---|---|
| A.1 | Initial awareness training on the need to implement the provisions of GDPR 679/2019 | Initial training Interactive live webinar or at the headquarters of Initinvest Consulting, regarding the need to implement the provisions of GDPR 679/2019 for management and department heads within the Company (in accordance with art. 39 b, art. 47 n), maximum 10 persons; |
| A.2 | Online awareness training for employees who process personal data | On-line access to GDPR initiation e-learning content for users of personal data within the Company (in accordance with art. 39 b, art. 47 n); Online assessment (1 exam simulation and 1 exam) for personal data users within the Company and nominal Graduation Diplomas, GDPR awareness (in accordance with art. 39 b, art. 47 n); |
| A.3 | Making records of processing activities | Elaboration of the Register of Processing Records (in accordance with art. 30); |
| A.4 | Data Protection Impact Assessment (DPIA) | 1-3 Data Protection Impact Assessment; |
| A.5 | Analysis of the types of activities / processes within the Company | Audit (analysis) of personal data within the organization |
| A.5.1 | Analysis of existing work procedures and identification of processes involving the processing of personal data | Existing work processes involving the processing of personal data identified and analyzed in terms of the flow of personal data, based on the organizational chart and procedures provided by the beneficiary (in accordance with art. 30); |
| A.5.2 | Conducting analysis interviews with process managers | Analysis interviews conducted - online or face to face (Skype / Teams - platform dedicated to Communication activities) / InITinvest Consulting head office (in accordance with art. 30); |
| A.5.3 | Application of the questionnaire Process analysis | Questionnaires Applied process analysis (in accordance with art. 30); |
| A.5.4 | Analysis of personal data flows that are not found in the work procedures and validation of existing ones with the responsible staff | Unprocessed work processes involving the processing of personal data identified and analyzed in terms of the flow of personal data (in accordance with art. 30); |
| A.5.5 | Elaboration of recommendations and conclusions | Action plan; |
| A.5.6 | Data mapping - mapping personal data streams | Mapping data for work processes identified within the Company, which involves the processing of personal data (in accordance with art. 30); |
| A.6 | GDPR compliance documentation package (over 40 documents) | Privacy policy of personal data (in accordance with art. 5 and 12);
Models of Job descriptions updated with GDPR clauses (in accordance with art. 6, 7, 13-23); The procedure for processing personal data with the authorized persons (in accordance with art. 24, 26, 28); Models of personal data processing agreements elaborated with the empowered persons elaborated (in accordance with art. 24, 26, 28); Procedures and forms required in case of a breach of personal data security (in accordance with art. 32); 3 Model consent forms (in accordance with art. 6, 7, 8); Application forms for the exercise of the rights of the data subjects (in accordance with art. 12, 15, 16, 17, 18, 19, 20, 21, 22); Information security recommendations (in accordance with art. 32); |
| A.7 | Analysis and necessary documentation regarding the GDPR compliance of the site | Carrying out an audit of the site with an inspection software recommended by the European Data Protection Supervisor (EDPS) (in accordance with art. 30 and 39);
Elaboration of the Site Conformity Analysis Report; Elaboration of the Information Note regarding the processing of personal data for the site (in accordance with art. 5 and 12); Instructions regarding the functionalities necessary for the site for GDPR compliance (in accordance with art. 32); Cookie policy; Cookie consent form; |
| A.8 | Dedicated assistance in implementing GDPR telephone compliance / Initinvest Consulting head office | Dedicated assistance in implementing GDPR compliance such as: clarification of various GDPR thematic topics, validation of documentation, discussion of problems encountered. |
Reviews
There are no reviews yet.