TOOLKIT GDPR IN 7 STEPS


370,00  WITHOUT VAT

1. Brief description

Have you heard of the fines that have already been imposed and have you set out to implement GDPR compliance in the organization you belong to, but you don't know where to start and what to do?

To ensure a reasonable minimum level of compliance, you must go through 7 essential steps:

1. Inventory of Personal Data and Employee Awareness, according to art. 30, art. 39b, art. 47N

  • Training and awareness of employees;
  • Process analysis, data mapping and elaboration of data registers;

2. Measures to ensure information security, according to art. 32

  • Ensuring and implementing organizational measures to ensure information security;
  • Ensuring and implementing technical measures to ensure information security;

3. Informing, collecting consent and exercising the rights of the data subjects, according to art. 5, art. 6, art. 7, art. 13-23;

  • Informing the data subject;
  • Collection of the consent of the data subject;
  • Exercising the rights of the data subject;

4. The Data Protection Officer and the Data Protection Impact Assessment, according to art. 4, art. 6-7, art. 13-23, art. 35, art. 37-39

  • Analysis of the obligation to designate, and designation of, the Data Protection Officer;
  • Data protection impact assessment;

5. Violation of personal data security, according to art. 32-33;

  • Documentation of personal data security breach;
  • Notification of personal data breach;
  • Management of events / incidents regarding the violation of personal data security;

6. Implementation of GDPR in the Human Resources department, according to art. 4, art. 6;

  • Appointment of persons authorized to process personal data;
  • Updating job descriptions;

7. The relationship with third parties / suppliers, according to art. 24, art. 26, art. 28;

  • Documentation of procedures for drawing up contracts with third parties / suppliers;
  • Updating current contracts / developing agreements with third parties / suppliers;

TOOLKIT GDPR IN 7 STEPS is an integrated package that contains a guide and a detailed implementation planning, so that even a novice DPO can implement GDPR compliance, having all the tools at hand.

Each step is accompanied by the expected results, the actions to be taken and the documents necessary for implementation.

For a fast and efficient implementation, the toolkit also contains the Project Plan, in which the main and secondary activities, those responsible for them, their results, and their start and end dates are already structured. All you have to do is adjust the start date of the project, the progress and, at most, the number of days allocated to each activity.

2. To whom it is addressed

TOOLKIT GDPR IN 7 STEPS addresses:

  • GDPR experts in an organization that implements compliance with the regulation, having at hand all the necessary tools, policies, procedures and inventory records;
  • companies that want to implement their compliance with the regulation, without allocating large budgets for consulting services.

3. Benefits

  • GDPR Implementation Guide that guides you through the implementation activities in a logical, easy to understand and efficient manner;
  • Well structured project plan, efficient, easy to follow and implement;
  • The tools, policies, procedures and inventory records required to implement compliance;
  • The cost of purchasing this package is incomparably lower than the minimum fine granted for non-compliance with the regulation, this being 10 million Euros or 2% of the global turnover from the previous year for private organizations and 200,000 Lei for public institutions;
  • The package is designed by a team of experts that includes:
      • GDPR expert with 2 years experience in applying the Regulation, with international certification;
      • IT expert with over 15 years in the field, with over 2 years experience in GDPR with expertise in IT systems auditing;
      • Human Resources expert with over 10 years of experience in the field and over 1.5 years in GDPR, with DPO certification;
      • lawyer with over 2 years experience in the field of GDPR;
      • GDPR consultant with over 1.5 years of experience in implementing GDPR compliance at various public and private organizations with over 500 employees, DPO certificate authorized by ANC;

You join the GDPRexpert community and are kept constantly up to date with new information, free services, examples of good practice, and participation in information workshops to comply with Articles 39 and 47n, according to GDPR / 679.2016, at preferential prices or even free.

4. Content description

  • GDPR Compliance Guide - What to do, how long and with what resources, step by step
  • GDPR Project Plan - Helps you visualize the progress of compliance activities
  • Documentation and tools necessary for activities (policies, procedures, registers, forms, minutes, internal decisions, etc. - over 60 documents) regarding:
  • Inventory of Personal Data, according to art. 30, art. 39b, art. 47N
  1. Minute of the management meeting for launching the GDPR project within the organization
  2. Report GDPR Gap Assessment Tool
  3. Working procedures involving identified personal data flows
  4. Completed analysis questionnaire for flows involving the processing of personal data
  5. Evidence of personal data processing activities
  6. Register for keeping and deleting records with personal data
  • Measures to ensure information security, according to art. 32

a. Ensuring and implementing organizational measures to ensure information security;

  1. Privacy policy of personal data
  2. The procedure for managing the revisions of the personal data protection policy
  3. Instruction on contacting the authorities
  4. The procedure regarding the control of GDPR documents
  5. Internal and external communication procedure

b. Ensuring and implementing technical measures to ensure information security;

  1. Information deletion policy
  2. Information elimination register
  3. Procedure for keeping records
  4. Information classification procedure
  5. Access control policy
  6. Procedure regarding the protection of personal data
  7. Technical requirements for IT applications - GDPR compliance
  8. Access control procedure - rules and rights of users, user groups
  9. Procedure for managing user access
  10. Implementation of pseudonymization - models
  11. Implementing the "right to be forgotten" - models
  12. Privacy by design
  13. Privacy by default
  • Informing, collecting consent and exercising the rights of the data subjects, according to art. 5, art. 6, art. 7, art. 13-23;

1. Information procedure regarding data processing
2. Privacy Notice
3. Information regarding the processing of personal data
4. Register of confidentiality notifications
5. Consent collection procedure
6. The consent form of the data subjects
7. Parental consent form
8. Management register of collected consents
9. Withdrawal procedure
10. The withdrawal form of the consent of the data subject
11. Form of withdrawal of parental consent
12. Register of management of requests for withdrawal of consents
13. The procedure for requesting access to information of the persons concerned
14. Form for requesting access to information of the data subject
15. Procedure for exercising the right to rectification, opposition, deletion, portability and restriction of personal data
16. Application for the exercise of the right to opposition
17. Request for the exercise of the right to rectification of personal data
18. Request for the exercise of the right to the deletion of personal data
19. Request for the exercise of the right to portability of personal data
20. Application for the exercise of the right to restrict processing
21. Register on Requests of data subjects

  • The Data Protection Officer and the Data protection impact assessment, according to art. 4, art. 6-7, art. 13-23, art. 35, art. 37-39

1. Tool for analyzing the obligation to designate the DPO
2. Model decision for appointing the Data Protection Officer;
3. DPO Job Description Model;
4. Model Monitoring Report with remedial measures and policy review planning;
5. Monitoring plan;
6. Data Protection Impact Assessment Tool;
7. Data Protection Impact Assessment Guide;
8. Risk Analysis Model - Data protection impact assessment;

  • Violation of personal data security, according to art. 32-33;

1. The procedure for reporting vulnerabilities, events and data security breaches
2. Form for reporting vulnerabilities, events and data security breaches
3. Inventory of reporting vulnerabilities, events and data security breaches
4. Procedure for responding to information security reports and evidence collection
5. Notification procedure regarding the breach of personal data security
6. Register of security breaches
7. Register of notifications to the National Supervisory Authority For Personal Data
8. Form for notifying the personal data security breach to the National Supervisory Authority For Personal Data (completed form)

  • Implementation of GDPR in the Human Resources department, according to art. 4, art. 6;

1. Training policy;
2. Instructions for training staff on basic GDPR measures
3. Training material for employee awareness
4. Individual diplomas for participation in the GDPR awareness training (template)
5. Model Decision for the appointment of authorized persons signed by the Management Team
6. Model specific clauses for the protection of personal data in the job descriptions of employees who process personal data

  • The relationship with third parties / suppliers, according to art. 24, art. 26, art. 28;
  1. Model Agreement with the authorized person / supplier / partner for processing personal data
  2. Procedure regarding agreements with suppliers and partners

Copyright protection

The content of the digital documents included in the GDPR TOOLKIT IN 7 STEPS, offered by InITinvest Consulting SRL, is protected by copyright. The digital materials included in this toolkit are distributed exclusively to InITinvest Consulting clients and do not represent a legal consultation.
