Starting a GDPR implementation project usually means opening your doors to one or more privacy consultants who will then proceed to conduct interviews with large numbers of your employees. That is what traditionally happened and what is still the most common scenario. But is it really necessary? Can’t it be done any other way?
At The Privacy Factory we think it can be done!
Over the past two years, we at The Privacy Factory have committed our efforts and resources to developing an alternative GDPR implementation approach. As a result, we can now offer a 100% online GDPR service solution consisting of:
1. Privacy Academy – online GDPR learning tool – including:
- GDPR workbook, specifically aimed at structured collection of the necessary information on the processing of personal data;
- DPO/GDPR training, teaching DPO’s and Privacy Officers a project-based approach to GDPR implementation;
- Training & Awareness, a mobile app containing over 600 multiple-choice questions allowing you to improve and maintain understanding of the GDPR among the members of your privacy team and your employees in general.
2. ‘Privacy Manager’ – online GDPR register and planning tool – for:
- using the GDPR workbook mentioned above for the collection of information in order to create, among other things, a Register of Processing Operations and a GDPR planning;
- using over 50 GDPR procedure and proof templates included in the tool to demonstrate that the created GDPR planning has actually been carried out;
- using e-messaging (including attachments) as a means of internal two-way communication between DPO’s / Privacy Officers and the members of the privacy team;
- using the built-in e-ticket system for online and documented handling of complaints or requests from data subjects.
As of last Friday, in an early response to the corona crisis, our GDPR service provision, as well as our organisational operations, have moved to a completely, 100% online business model. What we are aiming to accomplish by this step is allowing your organisation, your DPO/PO, the members of your privacy team and your staff to:
- continue to perform their GDPR activities;
- continue to pursue their GDPR training online;
- continue to handle GDPR-related requests and complaints online;
- continue to carry out their GDPR-related monitoring and advisory tasks.
What are the practical implications?
Supplementing the online Privacy Academy and Privacy Manager tools detailed above, we offer you full online consultancy to help you complete the first – inventory and planning – stage of your GDPR implementation process. So, instead of sending a privacy professional to come knocking on your door, we will join you online in four virtual conference sessions, in which we will ask you to share specific information with us. In order to make these sessions as short and efficient as possible, participants will be asked to prepare by studying a small number of simple questions.
Each session will cover a specific set of topics, cycle times being driven, among other things, by the extensiveness of the answers provided.
Session 1: This session focusses on identification of laws and provisions applying to and processing operations carried out by the data controller.
Session 2: The second session will be dedicated to qualifying the filing systems used for storage of personal data and qualifying the processing operations linked to these filing systems.
Session 3: The third session focusses on assessing the level of risk associated with individual processing operations and designating candidate members of the privacy team.
Session 4: The final session covers assigning of proposed privacy activities to specific members of the privacy team and selecting the means of proof to be provided in order to demonstrate actual performance of these activities.
When these four sessions have been completed, it is then up to the Data Protection Officer – using our online ‘DPO as a Service’ facility where appropriate – to provide guidance and advice to the privacy team members in carrying out the privacy activities assigned to them and, subsequently, making sure that these tasks have been carried out timely, completely and correctly.
If you still have questions as to the practicality of our online process, we will gladly arrange a virtual meeting with you so we can explain this unique approach in further detail. To contact us, send an email to firstname.lastname@example.org or call us at +31 882 036 323.
The TPF team