Handling Data Protection, Privacy and Cyber security matters within the organization. Implementation of GDPR within Corporates and handling GDPR compliances under the statute.
Personal Data Inventory:
Comprehensive knowledge of GDPR relating to project baselining and preparing personal data inventory.
Current State Assessment:
Analyzing data flow diagrams and evaluating current state assessment. Mapping the storage and flow of personal and sensitive personal data within the organisation.
Preparing a Gap report highlighting the design gaps. Perusing data privacy impact assessment (DPIA) of the organization and suggesting remedial measures.
Policies and Procedures:
Preparing policy framework of the organization including data protection
Training and awareness:
Conducting training and awareness sessions for the organisation on GDPR. Customising training as per the requisites of the internal business functions.
Privacy by Default and Privacy by Design:
Structuring Privacy by Design and Default principles into the privacy framework of the Corporates right from the beginning.
Auditing the company’s internal processes, policies, contracts and other documentation to align them with GDPR requirements.
Consent and contractual management for revision of data protection clauses in contracts.
Preparing cross-border transfer agreements and Binding Corporate Rules to facilitate lawful transfer of data outside the EU.
Formulating the roles, responsibilities and structure of accountability of Data Protection Officer (DPO).
Working with IT team to develop and embed an incident management procedure to include potential scenarios of data breach and implement enhanced security controls.
Data Subject rights:
Formulating policies, procedures and templates for facilitating data subject’s right to rectification, modification, erasure, etc.
Information Technology Laws:
Handling matters related to Information Technology laws.
Contract drafting and negotiation:
Drafting, vetting and negotiating of data protection agreements with customers, vendors, etc.
Indian PDPA Compliances:
Working on critical analysis of the Indian Personal Data Protection Bill, 2018 and compliances for corporates under the same.
Data Protection Solutions:
Creating a comprehensive package solution for Corporates for legal and technical solutions related to applicable data protection.
GDPR and Data Protection Checklist:
Creation of a tool to encompass compliance under data protection statutes and to monitor the status of the same.
AI enabled questionnaire:
Basic questions related to GDPR, data protection, its applicability, important pointers, penalties, etc. to be embodied in AI.
REQUISITE KNOWLEDGE BUT NEED TO STRENGTHEN EXPERTISE
Preparation of data flow diagrams:
Technical team to help with location of servers within the organization where personal data is stored and mapping personal data to systems within the organization.
Conducting ISO27001 audit and VAPT (Vulnerability Assessment and Penetration Testing)
Data Protection audit:
Securing the data with the help of various tools such as Data Leak Prevention tools etc.
Tool based compliance:
Development of tools for compliance of GDPR within the organization:
- Consent tracker
- Anonymization tools so that personal information is unidentifiable
- Tracker for DPIAs and closure of gap analysis report
- Tool encompassing compliance checklist for GDPR