Are you ready for May 2018 and the new GDPR regulations?
Are you asking yourself these questions:
- How does the GDPR affect my marketing emails to the EU?
- Do I need to change my landing pages and email signup forms?
- Will I need to change the way my company stores personal data?
- Who is my DPO?
Our privacy consultants can work with you to conduct the entire GDPR review process – including a risk analysis, level of effort analysis, and a prioritized GDPR project plan. Under Section 3, Article 35 of the GDPR, a Data Protection Impact Assessment (“DPIA”, also commonly known as a Privacy Impact Assessment or “PIA”) is required for any processing that may result in “high risk”. For each gap, you’ll then need to identify specific remediation actions and estimate Levels of Effort (LOEs) – Low, Medium, and High. We map out the gaps and make sure each group is compliant with the GDPR. By investing the time up front to perform the proper analysis and planning, you can be confident that you will efficiently and effectively mitigate risk while meeting your company’s business objectives. Below is a sample of the tasks Inbox Pros takes into account for each assessment we complete:
GDPR Assessment Tasks
- Achieve Budget and Consensus from Company
- Kick-Off Call and GDPR Task Force Meeting
- Data Flow and Risk Analysis
- Assign Data Protection Officer
- Understand and Analyze Data Security Controls
- Understand and Establish Need for International Data Transfers
- Review Vendor and Third-Party Contracts
- Review and Revise Data Security and Privacy Policies
- Review and Revise Data Security and Privacy Procedures
- Implement and Review Privacy Impact Assessments
- Utilize Procedures to Reflect Data Subject Rights
- Implement and Conduct Ongoing Privacy Training
- Revisit Tasks with Internal GDPR Task Force Team