Everybody doing business in Europe must comply with European laws, including the General Data Protection Regulation (GDPR) and the country-specific implementation laws. Full stop!
But 100% compliance doesn’t exist and should not be the ultimate goal.
The privacy regulation has only been in force since 2018 (after it was passed in 2016). More jurisprudence is needed to clarify the different interpretations that exist today. The balance between compliance and business interest is important. Long-standing processes can be looked at again and made more efficient. We help you reach the right level of compliance.
We recognize different levels of maturity within different companies. The challenge is to identify the right level and implement steps to reach the next level.
LOWER YOUR RISK
The purpose of our lean approach is to lower your risk. The risks of non-compliance can be significant, such as fines imposed by authorities, loss of sales or damage to your reputation.
Our approach consists of three steps:
1. Identify the gaps
First, we will take a virtual picture of how personal data is processed within the different business processes and departments of your company. We do this by sending out questionnaires and talking to stakeholders.
The results of this picture will be checked against the GDPR, EDPB opinions, applicable country-specific privacy legislation and best practices as known today.
The results will be plotted on our risk severity matrix.
Based on the outcome of the risk severity matrix, we will take the extreme and high risks and propose best-practice actions to mitigate those specific risks. Actions may prevent the risk from happening, lower the risk, or transfer the risk.
We will tailor the actions to your specific business characteristics. They will fit your business.
3. Practical next steps
Implementing the actions does not require big implementation projects. The actions can be implemented one by one, in a lean way, based on your priorities.
The plan-do-check-act cycle will help you measure the effectiveness of the actions.