ACI has developed a phase project for companies wanting to achieve “EU General Data Protection Regulation Compliance”. The project consists of 3 phases and 6 activities as illustrated below.
Phase one: Screening consists of an overall review of all data sources within the company to identify the data types the company processes and the way in which processing takes place. This phase results in a clear definition of whether or not the company has or is processing data that falls within the scope of the EU GDPR.
Phase two: Consists of a legal analysis and an analysis of the control environment protecting the data. The legal analysis is conducted by the company’s own legal department, your choice of law firm or by ACI’s partner: Bird&Bird.
Phase three: The results of the previous two phases are processed in a risk assessment. A risk register is developed outlining the risks of the company’s current practice in handling sensitive data. Finally, an operational mitigation plan is established providing EU GDPR compliance for risks needing a reduction in their risk level.
Please contact Bo Thygesen at firstname.lastname@example.org for more information about our services related to EU General Data Protection Regulation Compliance or if you would like a quote based on your company.