GDPR Compliances:
Handling Data Protection, Privacy and Cyber security matters within the organization. Implementation of GDPR within Corporates and handling GDPR compliances under the statute.
Personal Data Inventory:
Comprehensive knowledge of GDPR relating to project baselining and preparing personal data inventory.
Current State Assessment:
Analyzing data flow diagrams and evaluating current state assessment. Mapping the storage and flow of personal and sensitive personal data within the organisation.
DPIA:
Preparing a Gap report highlighting the design gaps. Perusing data privacy impact assessment (DPIA) of the organization and suggesting remedial measures.
Policies and Procedures:
Preparing policy framework of the organization including data protection and retention policies, privacy framework and remediation. Drafting of employee consent forms and website privacy policy.
Training and awareness:
Conducting training and awareness sessions for the organisation on GDPR. Customising training as per the requisites of the internal business functions.
Privacy by Default and Privacy by Design:
Structuring Privacy by Design and Default principles into the privacy framework of the Corporates right from the beginning.
Audit:
Auditing the company’s internal processes, policies, contracts and other documentation to align them with GDPR requirements.
Consent management:
Consent and contractual management for revision of data protection clauses in contracts.
Inter-Company Agreements:
Preparing cross-border transfer agreements and Binding Corporate Rules to facilitate lawful transfer of data outside the EU.
DPO:
Formulating the roles, responsibilities and structure of accountability of Data Protection Officer (DPO).
Incident Management:
Working with IT team to develop and embed an incident management procedure to include potential scenarios of data breach and implement enhanced security controls.
Data Subject rights:
Formulating policies, procedures and templates for facilitating data subject’s right to rectification, modification, erasure, etc.
Information Technology Laws:
Handling matters related to Information Technology laws.
Contract drafting and negotiation:
Drafting, vetting and negotiating of data protection agreements with customers, vendors, etc.
ROADMAP AHEAD
Indian PDPA Compliances:
Working on critical analysis of the Indian Personal Data Protection Bill, 2018 and compliances for corporates under the same.
Data Protection Solutions:
Creating a comprehensive package solution for Corporates for legal and technical solutions related to applicable data protection.
GDPR and Data Protection Checklist:
Creation of a tool to encompass compliance under data protection statutes and to monitor the status of the same.
AI enabled questionnaire:
Basic questions related to GDPR, data protection, its applicability, important pointers, penalties, etc. to be embodied in AI.
REQUISITE KNOWLEDGE BUT NEED TO STRENGTHEN EXPERTISE
Preparation of data flow diagrams:
Technical team to help with location of servers within the organization where personal data is stored and mapping personal data to systems within the organization.
Security Audit:
Conducting ISO27001 audit and VAPT (Vulnerability Assessment and Penetration Testing)
Data Protection audit:
Securing the data with the help of various tools such as Data Leak Prevention tools etc.
Tool-based compliance:
Development of tools for compliance of GDPR within the organization, such as:
- Consent tracker
- Anonymization tools so that personal information is unidentifiable
- Tracker for DPIAs and closure of gap analysis report
- Tool encompassing compliance checklist for GDPR