
GDPR compliance – audit, consulting and implementation of technical solutions

Because the Regulation is in force and takes effect from May 25, 2018, and because reading and understanding the text, taking technical measures and preparing the necessary documentation are laborious, time-consuming operations, WEBGROW provides its customers with a service designed to assist their GDPR compliance efforts.

The GDPR compliance support service is carried out in three steps

Each package includes (but is not limited to) the following steps:

A GDPR audit is required to find out what actions your company must take to achieve GDPR compliance in its particular case. Here are some of the activities we undertake during the audit procedure:

  • detailed interview of the company representative to investigate the situations in which you collect and process personal data;
  • mapping of data flows;
  • identifying problematic flows and determining the types of data strictly necessary, as well as those collected in addition;
  • identifying the ways in which you inform the data subjects and provide them with the necessary control tools;
  • evaluating how you store and manage data;
  • auditing online presences in order to establish GDPR compliance (website, Analytics tools, embedded services from third parties – chat, newsletter, etc.);
  • identification and evaluation of internal procedures from the GDPR point of view;
  • identification of deficient and / or problematic aspects;
  • identification of particular cases;
  • identification of solutions to solve problematic issues, according to the law.

Drafting the GDPR audit document

Following the operations of stage 1, a strategic compliance document of approximately 20-30 pages is drafted. This document is the basic resource for the GDPR compliance strategy of the audited company. It contains the information necessary to remain compliant, which you must present in the event of an inspection by the competent authorities.

This document is particularly important because:

  • it provides in a single document the resources and information necessary for the company’s GDPR compliance;
  • it demonstrates concern for alignment with the provisions of the Regulation and your good intentions in this regard;
  • it argues the legitimate interests of the company regarding the collection, storage and processing of personal data in order to carry out the activity;
  • it lists essential compliance procedures;
  • it provides clear answers on the GDPR compliance process.

Preparation of the necessary standardized GDPR documents (10-20 documents, as the case may be)

Once the GDPR audit document has been drafted, the need emerges for standardized documents customized to the specifics of the audited company. We develop and customize these documents, and you receive them ready to use, along with specific and clear instructions. Thus, in this stage we deal with:

  • Customized writing of the complete set of necessary documents (data flow registers, privacy policy, confidentiality agreements, various types);
  • Online training, one-on-one or for 2-3 people in the company, on the correct use of the complete set of necessary documents;
  • Consultancy for the implementation of the necessary measures in the compliance process.

Additional GDPR services

In order to align with GDPR requirements, following the audit, there is usually a need to implement technical compliance solutions, such as:

  • installation of a cookie notification solution and integration of the Privacy Policy on the site;
  • editing contact forms in accordance with the requirements of the Regulation;
  • developing or activating a solution for storing acceptances;
  • scheduling data control options in user accounts;
  • programming of additional security systems (security / encryption of databases) etc.

Thus, the technical implementation of the solutions needed to ensure GDPR compliance from an IT point of view may also require programming systems that notify data subjects, provide the necessary data management tools, store data subject agreements to demonstrate compliance in case of an inspection, and so on.

The technical implementations exemplified above are additional services, specific to particular cases, and are not included in the audit price. These services are charged hourly, at the standard rate. For clients whose websites we work with, we offer free implementation of the necessary technical solutions within 4 hours of work.

Third-party solutions identified during the audit process may also lead to additional costs.