GDPR Roadmap+ Implementation Program

Training and support of the working group (project team) on the implementation of the GDPR according to the Nymity Privacy Accountability Framework.

This program relies on the worldwide recognized Nymity Privacy Accountability Framework. Our company is the only Nymity partner in the CIS. The program built on the experience of implementing the GDPR in companies of various maturity levels (from IT startups to large banks and corporations) all over the world but takes into account the specifics of each region.

When should you choose this program?

Problem Solution
Do business departments demand the impossible from lawyers in terms of GDPR? Representatives of business departments themselves make informed decisions and implement them as part of a working group.
Do departments resist change? Based on the Nymity Privacy Accountability Framework, the working group will create a systematic GDPR Roadmap (a step-by-step list of activities).
Are the GDPR activities conducted chaotically and limited to solving problems without any satisfying results? The time, financial, and human resources needed to implement a Roadmap to comply with the GDPR are evaluated. Different departments can coordinate the importance of management changes in a coordinated manner.
Management does not allocate sufficient resources. Some types of work require a deeper understanding of the company's products and business processes. And only members of the working group can fulfill them.

Phase I: GDPR Roadmap Preparation

  1. Formation of the working group

To work on this program, a working group is formed to implement the GDPR. It consists of the main stakeholders who deal with the company's customers, on which the success of the project depends.

As a rule, the group includes representatives of every departments and divisons of the company: legal, compliance, information security, IT infrastructure, HR, audit, risk management, marketing, as well as representatives of the main areas and products of the company.

Some tasks require authority and authority within the company, therefore, the working group must include people who make decisions or have a significant influence on them.


  1. Working group training

According to the program of the GDPR Data Privacy Professional course from a certified professional and information privacy manager CIPP/E, CIPM – lasting 24 hours (4 full days of classes).

Phase II: GDPR Roadmap Creation

  1. Identification of projects falling under the GDPR over 4 working sessions. Selection of areas, projects and products, which need to be brought in line with the GDPR. Filling in the register of personal data processing in accordance with Article 30 of the GDPR.
  2. Choosing which of the 139 Nymity Privacy Accountability Framework activities are applicable to your organization.
  1. Ranking of selected activities by risk for the organization and the data subjects, by the complexity of implementation, and by benefits of these activities in the actual situation.
  2. Assessment of resources required for the implementation of the GDPR Roadmap (people, including management support; processes; technologies and tools).

Phase III: GDPR Roadmap Implementation

  1. At this stage, we begin to implement successively the activities planned for the GDPR Roadmap within 4 or 12 working sessions. First of all, we deal with high-risk and tasks with the highest priority.

All decisions and main tasks are implemented by the working group with the support and training of our certified CIPM manager / CIPP/E consultant.

Some work can be outsourced to our consultants based on the prepaid hours (60 or 120 hours, depending on the selected service package). These hours are allocated by a decision of the working group throughout the entire implementation phase.

Why do you need consulting hours?

Some work may require significant practical experience or in-depth analysis of the problem. The consultant will perform this work much faster and more efficiently.

Who runs the program?

Siarhei Varankevich CIPP/E, CIPM, MBA
Co-Founder & CEO of Data Privacy Office LLC. Data Protection Trainer and Principal Consultant
MBA, Certified Information Privacy Professional (CIPP/E), Certified Information Privacy Manager (CIPM). Started to work with the GDPR draft version, in 2015, in Munich. Defended his MBA thesis about the Regulation, in Bremen, in 2016

Siarhei delivered hundreds of consultations on GDPR issues to companies around the world. He helped to implement the GDPR program as an external project manager in over 50 companies.

In LinkedIn

Siarhei Varankevich is the only certified manager and professional in the field of information privacy in the CIS (CIPM and CIPP/E). The program built on the experience of implementing the GDPR in companies of various maturity levels (from IT startups to large banks and corporations) all over the world but takes into account the specifics of each region.

Work format

Working session
Analysis of the auxiliary training module, “portion” of tasks (why and what? who and how?), examples and templates; distribution of responsibility in the group
Intersessional work
Independent implementation by the members of the working group of the selected activities between sessions
Intersessional support of our consultants and execution of outsourced work

Service packages

  GDPR Roadmap GDPR Roadmap + 50% Compliance GDPR Roadmap + 80% Compliance
Training of the working group on the GDPR Data Privacy Professional + + +
4 working sessions on the GDPR Roadmap creation

1. Identification of areas, projects and products to be brought in line with the GDPR.

2. Selection of applicable Nymity Privacy Accountability Framework activities.

3. Prioritization of selected activities.

4. Assessment of resources for the implementation of the GDPR Roadmap.

Working sessions on GDPR Roadmap implementation   4 sessions 12 sessions
Consulting   60 hours 120 hours
Gift 1   GDPR Aware training for 3 hours, up to 200 persons (€1000) GDPR Aware training for 3 hours, up to 200 persons (€1000)
Gift 2     GDPR Data Privacy Technologist training (GDPR DPT) up to 20 pers. (€4000)
Duration ≈3 months ≈6 months ≈12 months
Price €15000 €30000 €60000

* The calculation of the level of GDPR Compliance, as well as number of consulting hours, is provided for reference for a typical organization with the number of employees 100-500 people and 3-5 main products / processes with personal data.

Upon the consultation each package can be tailored to your needs and specifics of your company. In order to find out the exact scope and cost of work please fill the web-form at the bottom.




Preliminary consultation

facebook telegram viber linkedin