GDPR Roadmap+ Implementation Program

Training and support of the working group (project team) on the implementation of the GDPR according to the Nymity Privacy Accountability Framework.

This program relies on the worldwide recognized Nymity Privacy Accountability Framework. Our company is the only Nymity partner in the CIS. The program built on the experience of implementing the GDPR in companies of various maturity levels (from IT startups to large banks and corporations) all over the world but takes into account the specifics of each region.

When should you choose this program?

Problem Solution
Do business departments demand the impossible from lawyers in terms of GDPR? Representatives of business departments themselves make informed decisions and implement them as part of a working group.
Do departments resist change? Based on the Nymity Privacy Accountability Framework, the working group will create a systematic GDPR Roadmap (a step-by-step list of activities).
Are the GDPR activities conducted chaotically and limited to solving problems without any satisfying results? The time, financial, and human resources needed to implement a Roadmap to comply with the GDPR are evaluated. Different departments can coordinate the importance of management changes in a coordinated manner.
Management does not allocate sufficient resources. Some types of work require a deeper understanding of the company's products and business processes. And only members of the working group can fulfill them.

Phase I: GDPR Roadmap Preparation

  1. Formation of the working group

To work on this program, a working group is formed to implement the GDPR. It consists of the main stakeholders who deal with the company's customers, on which the success of the project depends.

As a rule, the group includes representatives of every departments and divisons of the company: legal, compliance, information security, IT infrastructure, HR, audit, risk management, marketing, as well as representatives of the main areas and products of the company.

Some tasks require authority and authority within the company, therefore, the working group must include people who make decisions or have a significant influence on them.

 

  1. Working group training

According to the program of the GDPR Data Privacy Professional course from a certified professional and information privacy manager CIPP/E, CIPM – lasting 24 hours (4 full days of classes).

Phase II: GDPR Roadmap Creation

  1. Identification of projects falling under the GDPR over 4 working sessions. Selection of areas, projects and products, which need to be brought in line with the GDPR. Filling in the register of personal data processing in accordance with Article 30 of the GDPR.
  2. Choosing which of the 139 Nymity Privacy Accountability Framework activities are applicable to your organization.
  1. Ranking of selected activities by risk for the organization and the data subjects, by the complexity of implementation, and by benefits of these activities in the actual situation.
  2. Assessment of resources required for the implementation of the GDPR Roadmap (people, including management support; processes; technologies and tools).

Phase III: GDPR Roadmap Implementation

  1. At this stage, we begin to implement successively the activities planned for the GDPR Roadmap within 4 or 12 working sessions. First of all, we deal with high-risk and tasks with the highest priority.

All decisions and main tasks are implemented by the working group with the support and training of our certified CIPM manager / CIPP/E consultant.

Some work can be outsourced to our consultants based on the prepaid hours (60 or 120 hours, depending on the selected service package). These hours are allocated by a decision of the working group throughout the entire implementation phase.

Why do you need consulting hours?

Some work may require significant practical experience or in-depth analysis of the problem. The consultant will perform this work much faster and more efficiently.

Who runs the program?

Siarhei Varankevich CIPP/E, CIPM, MBA
Co-Founder & CEO of Data Privacy Office LLC. Data Protection Trainer and Principal Consultant
MBA, Certified Information Privacy Professional (CIPP/E), Certified Information Privacy Manager (CIPM). Started to work with the GDPR draft version, in 2015, in Munich. Defended his MBA thesis about the Regulation, in Bremen, in 2016

Siarhei delivered hundreds of consultations on GDPR issues to companies around the world. He helped to implement the GDPR program as an external project manager in over 50 companies.

In LinkedIn

Siarhei Varankevich is the only certified manager and professional in the field of information privacy in the CIS (CIPM and CIPP/E). The program built on the experience of implementing the GDPR in companies of various maturity levels (from IT startups to large banks and corporations) all over the world but takes into account the specifics of each region.

Work format

dpo
Working session
Analysis of the auxiliary training module, “portion” of tasks (why and what? who and how?), examples and templates; distribution of responsibility in the group
dpo
Intersessional work
Independent implementation by the members of the working group of the selected activities between sessions
dpo
Support
Intersessional support of our consultants and execution of outsourced work

Service packages

Training of the working group on the GDPR DPP
GDPR Roadmap creation*
GDPR Roadmap implementation
Consulting
Gift 1
Gift 2
Duration
GDPR Roadmap 15000 Order
Training of the working group on the GDPR DPP
+
GDPR Roadmap creation*
4 sessions
GDPR Roadmap implementation
-
Consulting
-
Gift 1
-
Gift 2
-
Duration
≈3 months
GDPR Roadmap + 50% Compliance 35000 Order
Training of the working group on the GDPR DPP
+
GDPR Roadmap creation*
4 sessions
GDPR Roadmap implementation
4 sessions
Consulting
60 hours
Gift 1
GDPR Aware up to 200 pers.
Gift 2
-
Duration
≈6 months
GDPR Roadmap + 80% Compliance 60000 Order
Training of the working group on the GDPR DPP
+
GDPR Roadmap creation*
4 sessions
GDPR Roadmap implementation
12 sessions
Consulting
120 hours
Gift 1
GDPR Aware up to 200 pers.
Gift 2
GDPR DPT up to 20 pers.
Duration
≈12 months
* The calculation of the level of GDPR Compliance, as well as number of consulting hours, is provided for reference for a typical organization with the number of employees 100-500 people and 3-5 main products / processes with personal data.
Upon the consultation each package can be tailored to your needs and specifics of your company. 
 
*1. Identification of areas, projects and products to be brought in line with the GDPR.
2. Selection of applicable Nymity Privacy Accountability Framework activities.
3. Prioritization of selected activities.
4. Assessment of resources for the implementation of the GDPR Roadmap.

Feedback

Order

Preliminary consultation







facebook telegram viber linkedin