Scribd
Upload
5 views

GDPR Roadmap

GDPR Roadmap

Uploaded by

lazy.artist1996
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
5 views

GDPR Roadmap

GDPR Roadmap

Uploaded by

lazy.artist1996
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 10

1

High Level roadmap for the


Implementation of GDPR

Prepared By :

Shubham nigam
Salman A (CISM, Certified privacy professional)
Confidential Copyright ©
2
Content

● Understanding GDPR and


Scoping
● Data Inventory and Mapping
● Gap Analysis
● Risk Assessment
● Testing and Validation
● Monitoring and Continuous
Improvement

Confidential Copyright © 2
Understanding Requirements & scope discussion

1. Awareness Training

● Conduct GDPR training for key stakeholders to ensure understanding of principles


like data minimization, accountability, and lawful processing.
● Provide tailored sessions for data-heavy departments (e.g., marketing, IT, HR).

2. Identify Scope

● Map business activities that involve personal data processing.


● Identify stakeholders (controllers, processors, Data Protection Officers).
● Define geographic scope: EU citizens or data processed within the EU.

3. Appoint a Data Protection Officer (DPO)

● If required, appoint a qualified DPO or equivalent advisor.

Confidential Copyright ©
Data Inventory &
Mapping
1. Conduct a Data Inventory

● Use tools/templates to document data


sources, types, storage locations, and
retention periods.
● Categorize personal data: employee,
customer, partner, vendor, etc.

2. Map Data Flows

● Visualize data lifecycle (collection, processing,


transfer, and deletion).
● Highlight data shared with third parties.

Confidential Copyright ©
Gap analysis
1. Assess Current Processes

● Evaluate consent mechanisms, contracts, privacy policies, and security measures.
● Compare existing controls with GDPR requirements (lawfulness, transparency,
accountability).

2. Generate a Compliance Report

● Highlight gaps in areas like data breaches, subject access requests, and international
transfers.

Confidential Copyright ©
Risk Assessment
1. Perform Data Protection Impact Assessments (DPIAs)

● Focus on high-risk processing activities (e.g., profiling, sensitive


data handling).

2. Develop a Risk Register

● Include identified risks, severity, impact, and mitigation measures.

Confidential Copyright ©
Implement Controls and
Policies
1. Create Policies and Procedures:
● Privacy policies: Ensure transparency about processing purposes and rights.
● Data breach procedures: Develop a clear incident response plan.
● Retention policies: Define and enforce data retention/deletion schedules.
2. Enhance Security Measures:
● Implement encryption, pseudonymization, and access controls.
3. Revisit Consent Mechanisms
● Verify that consent is explicit, informed, and easy to withdraw.

Confidential Copyright ©
8

Testing and Validation

1. Simulate Data Subject Requests:


● Test responses for access, rectification,
portability, and deletion requests.
2. Conduct Internal Audits:
● Review data protection policies and records of
processing activities.
3. Simulate Data Breach Response:
● Ensure compliance with the 72-hour reporting
rule.

Confidential Copyright © 8
Monitoring & Continuous
Improvement

1. Establish a Monitoring Program:


● Regularly review data flows, policies, and risks.
2. Set Up Governance Processes:
● Implement a GDPR steering committee to review updates
and new risks.
3. Stay Updated on GDPR Changes:
● Monitor guidance from supervisory authorities.

Confidential Copyright ©
10

Thankyou

Confidential Copyright ©

You might also like