GDPR Audit & Compliance

If your organization processes personal data of European companies or citizens in any way, you are probably subject to the GDPR. The purpose of the GDPR is to ensure that all service providers, governments and organizations adopt data practices that respect EU citizens’ privacy at an acceptable level of risk.

Our services aim to give your organization a better understanding of the GDPR, to assess what is at stake for your business, and to take appropriate action to reach an adequate level of compliance.

On the other hand, it is wise to leverage GDPR compliance to gain better control of your IT systems. GDPR compliance is mandatory as soon as you process data from a European organization or individual, but in the digital era, mastering the data of your clients and customers can also open new horizons for your business.

In addition to the services presented below, we are happy to provide you with:

·      Executive training on the GDPR context and how to leverage it to foster your business

·      Staff training on the GDPR, what it implies for them and what its purpose is

·      A few hours of consulting on a specific topic

Our prices are adapted to the Vietnamese market. Full GDPR compliance, comprising the audit, training and implementation of system enhancements, can range from 10,000 USD for SMEs to several million for large corporations. In comparison, a complete engagement from us starts at 3,000 USD for an SME and is around 15,000 USD for a company with more than 200 employees.

Please contact us for more details about pricing.

Prestation 1 - Audit

For each service your company provides, we will assess the nature of the personal data involved, if any.

We then answer the following questions to estimate the gap between your current situation and a GDPR-compliant state.

1 – Status of the organization: are you a data controller or a data processor?

2 – What are the risks associated with the data you are responsible for?

3 – What categories of data are you processing?

4 – How are data storage and the data lifecycle handled?

5 – How many different organizations do you share the data with?

6 – How mature are the processes for accessing data?

7 – Is the contract or GTU with the client GDPR compliant?

8 – How mature is the security?

9 – Do you have a DPO?

After this step, you will have a record of processing and a map of your services with the IT systems associated with each.

Deliverables:

IT map – Description of all the services and the personal data associated with each

Gap analysis – Service-level assessment (in comparison with the technical level of prestation 2) of your organization’s situation versus a compliant state

Prestation 2 - Implementing the compliance

Building on the results of prestation 1, we propose to implement compliance on three levels: technical, organizational and legal. Note that the workload (and hence the price) of this part depends on the results of prestation 1.

Technical:

·      In-depth analysis of the gap between the current state of the system and a compliant state

·      Privacy impact assessment and associated action plan

·      Implementation of changes and follow-up

Organizational:

·      Training of key staff

·      Change management within the organization

·      Creation of a wiki on your organization’s internal website to inform people

Legal:

·      Assessment of the legal relationships with clients, contractors and service providers

·      Provision of the legal documents relating to GDPR compliance for your specific case

·      Assessment of liability between the different stakeholders

Deliverables:

Privacy impact assessment – Analysis of your current IT system regarding security measures, data lifecycle and the ability to respond to claims from data subjects

Internal GDPR wiki – Web space where your staff can access relevant information and related documents

Legal documents – Specific to your situation: adaptations, appendices and contractual clauses with your clients and subcontractors