How do you implement the GDPR directive for your organization? Take a look at this free GDPR Implementation Planner, to start making your company GDPR compliant.
After you understand the impact GDPR might have on your company procedures, you need to make a plan to start with a GDPR Readiness assessment. If you can compare IST and SOLL situation, you can be sure what to do. Based on that you can make a GDPR preparation plan. This Gantt Chart is a strong example of such a GDPR Compliance project.
GDPR Preparation Project
GDPR Roles, awareness and training
- Inquire Third Party GDPR Compliance Implementation (if required)
- Perform gap assessment
- Gain senior management commitment
- Initiate project with appropriate resources and budget
- Establish document control
GDPR Personal data mapping
- Conduct communication program to suppliers and other stakeholders
- Define GDPR roles and responsibilities
- Identify lead Data Protection Supervisory Authority
- Recruit Data Protection Officer (if required)
- Appoint Data Protection Officer (if required)
- Conduct GDPR competence and training needs assessment
- Perform GDPR related training and familiarisation
- Conduct GDPR and information security awareness training
GDPR Privacy policies and notices
- Conduct initial personal data information gathering exercise
- Perform an audit of personal data by business area
- Define or Amend Data Protection Policy
- Identify lawful basis for processing personal data in each case
- Conduct legitimate interest assessments where required
- Identify record-keeping requirements and procedures
GDPR Rights of the data subject
- Define personal data retention and protection policy
- Create or amend existing privacy notices
- Review and amend consent methods and procedures
- Address age-related consent and controls (children)
GDPR Controllers and processors
- Create and implement data subject request procedures
- Create and implement data subject consent form
- Create and implement data subject consent withdrawal form
- Create and implement parental consent form
- Create and implement parental consent withdrawal form
- Start recording data subject requests
- Create and implement User Deletion Request Policy
GDPR Data protection impact assessment
- Update contracts with processors to be GDPR compliant
- Distribute supplier questionnaires regarding personal data protection
- Provide information to controllers for whom we act as a processor
- Update contracts with controllers to be GDPR compliant
- Address employee confidentiality requirements
- Create and implement Bring Your Own Device Policy
GDPR International transfers
- Define data protection impact assessment process
- Conduct data protection impact assessment training
- Perform initial data protection impact assessment
GDPR Personal data breach management
- Identify international transfers of personal data
- Assess legality of existing international transfers
- Put in place agreements for international transfers of personal data (where required)
GDPR Project closure
- Create information security incident management procedure
- Create a personal data breach notification procedure (Data Subjects)
- Create a personal data breach notification procedure (Supervisory Authority)
- Conduct information security incident management training
- Test incident management and breach notification procedures
- Create a business continuity plan or disaster plan in case of crisis
- Inform the data subjects that were exposed to a data breach
- Repeat gap assessment to identify remaining non-compliant areas
- Respond to complaints of data privacy breaches, etc
- Address any remaining non-compliant areas
- Perform post-project review
The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years. This policy directive was adopted in May 2016 because most Europeans say they want the same data protection rights across the EU and regardless of where their data is processed. It aims to make Europe fit for the digital age.
The Enforcement date: 25 May 2018, at which time those organizations in non-compliance may face heavy fines.
If you didn't start yet, then this GDPR preparation plan is a must-have, in order to start implementing the necessary measures.
We're here to help you become compliant. The GDPR comes with a set of Rules and Regulations for the protection of personal data inside and outside the European Union (EU) and affects all companies that save personal data from European citizens.
An international organization is defined by the GDPR directive as “an organization and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries” (GDPR Article 4).
We provide example GDPR document templates and also a complete set of GDPR templates in order to help you to comply with the GDPR regulations from the EU. These GDPR document templates are provided in Microsoft Office formats, and easy to customize to your organization’s specific needs. Often completed example documents are also provided in order to help you with your implementation in order to save precious time.
Download this GDPR Implementation Plan as a Gantt chart now or check out our fit-for-purpose GDPR Complete Compliance Kit templates
here! The document(s) will be available to download immediately after purchase.