Fast Track Your GDPR Compliance Efforts

Do not fill in this field

Enter no text in this field

Get Instant Access
to This Blueprint

Business Email

Full Name

Company

Phone

Job Title

Organizations often tackle compliance efforts in an ad hoc manner, resulting in an ineffective use of resources.
The alignment of business objectives, information security, and data privacy is new for many organizations, and it can seem overwhelming.
GDPR is an EU regulation that has global implications; it likely applies to your organization more than you think.

Our Advice

Critical Insight

Financial impact isn’t simply fines. A data controller fined for GDPR non-compliance may sue its data processor for damage.
Even day-to-day activities may be considered processing. Screen-sharing from a remote location is considered processing if the data shown onscreen contains personal data!
This is not simply an IT problem. Organizations that address GDPR in a siloed approach will not be as successful as organizations that take a cross-functional approach.

Impact and Result

Follow a robust methodology that applies to any organization and aligns operational and situational GDPR scope. Info-Tech's framework allows organizations to tackle GDPR compliance in a right-sized, methodical approach.
Adhere to a core, complex GDPR requirement through the use of our documentation templates.
Understand how the risk of non-compliance is aligned to both your organization’s functions and data scope.
This blueprint will guide you through projects and steps that will result in quick wins for near-term compliance.

Fast Track Your GDPR Compliance Efforts Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should fast track your GDPR compliance efforts, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Fast Track Your GDPR Compliance Efforts – Executive Brief

1. Understand your compliance requirements

Understand the breadth of the regulation’s requirements and document roles and responsibilities.

2. Define your GDPR scope

Define your GDPR scope and prioritize initiatives based on risk.

3. Satisfy documentation requirements

Understand the requirements for a record of processing and determine who will own it.

4. Align your data breach requirements and security program

Document your DPO decision and align security strategy to data privacy.

5. Prioritize your GDPR initiatives

Prioritize any initiatives driven out of Phases 1-4 and begin developing policies that help in the documentation effort.

Member Testimonials

After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.

10.0/10

Overall Impact

$25,779

Average $ Saved

Average Days Saved

Client

Experience

Impact

$ Saved

Days Saved

Testimonial

Leprino Foods Company

Guided Implementation

10/10

$2,339

Confirmed my thought process.

Experience Grand Rapids

Guided Implementation

10/10

$12,999

Alan gave me very valuable advice on how to approve our program of work. If I had this when I started, I truly believe I would have completed the w... Read More

Wiss, Janney, Elstner Associates, Inc.

Guided Implementation

10/10

N/A

Alan has a great understanding of the topic area.

Wiss, Janney, Elstner Associates, Inc.

Guided Implementation

10/10

$61,999

Aaron provided a great overview of the GDPR and CCPA landscape. He tailored the InfoTech standard approach to my company's specific size, industry... Read More

Helmerich & Payne, Inc.

Workshop

9/10

$30,999

110

Best: being able to tailor the workshop to where our privacy program was currently at and not deal with a general off the shelf option. Worst: on... Read More

The Task Force for Global Health

Guided Implementation

10/10

$12,742

Aaron was super knowledgeable. He walked me through the process and kept me abreast of new developments surrounding GDPR. He also pointed me to res... Read More

Citron Hygiene

Guided Implementation

10/10

$2,000

The American Institute of Architects

Workshop

9/10

$117K

Info-Tech analysts are the best. Aaron and Cassandra are both very professional in guiding AIA's team with step-by-step process, tools, the entire ... Read More

Werner Co.

Workshop

10/10

$63,667

Rita was a very knowledgeable, energetic facilitator. She worked it through and spent after hours time ensuring a successful workshop. Worst part ... Read More

ChoiceTel

Guided Implementation

10/10

$1.12M

Best parts were just being able to talk to someone who understands the issue around GDPR and help give some guidance. We will be planning on divi... Read More

ATS Automation Tooling Systems Inc

Guided Implementation

10/10

$10,000

The American Waterways Operators

Guided Implementation

10/10

$5,093

Packaging Machinery Manufacturers Institute

Guided Implementation

9/10

N/A

ABP Induction

Guided Implementation

6/10

N/A

Pita Pit Limited

Guided Implementation

10/10

$9,000

Rita is extremely knowledgeable and delivers content in a way that we can absorb and understand fully.

Starwood Capital Group

Guided Implementation

10/10

$127K

The session was very detailed.

Ecore International

Guided Implementation

7/10

N/A

Werner Co.

Guided Implementation

9/10

$70,034

Sodexo - Europe

Guided Implementation

8/10

N/A

Load More Testimonials

Workshop: Fast Track Your GDPR Compliance Efforts

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

Module 1: Understand Your Compliance Requirements

The Purpose

Kick-off the workshop; understand and define GDPR as it exists in your organizational context.

Key Benefits Achieved

Prioritize your business units based on GDPR risk.
Assign roles and responsibilities.

Activities

Outputs

1.1

Kick-off and introductions.

1.2

High-level overview of weekly activities and outcomes.

1.3

Identify and define GDPR initiative within your organization’s context.

1.4

Determine what actions have been done to prepare; how have regulations been handled in the past?

1.5

Identify key business units for GDPR committee.

1.6

Document business units and functions that are within scope.

1.7

Prioritize business units based on GDPR.

Prioritized business units based on GDPR risk

1.8

Formalize stakeholder support.

GDPR Compliance RACI Chart

Module 2: Define Your GDPR Scope

The Purpose

Know the rationale behind a record of processing.

Key Benefits Achieved

Determine who will own the record of processing.

Activities

Outputs

2.1

Understand the necessity for a record of processing.

2.2

Determine for each prioritized business unit: are you a controller or processor?

2.3

Develop a record of processing for most-critical business units.

Initial record of processing: 1-2 activities

2.4

Perform legitimate interest assessments.

Initial legitimate interest assessment: 1-2 activities

2.5

Document an iterative process for creating a record of processing.

Determination of who will own the record of processing

Module 3: Satisfy Documentation Requirements and Align With Your Data Breach Requirements and Security Program

The Purpose

Review existing security controls and highlight potential requirements.

Key Benefits Achieved

Ensure the initiatives you’ll be working on align with existing controls and future goals.

Activities

Outputs

3.1

Determine the appetite to align the GDPR project to data classification and data discovery.

3.2

Discuss the benefits of data discovery and classification.

3.3

Review existing incident response plans and highlight gaps.

Highlighted gaps in current incident response and security program controls

3.4

Review existing security controls and highlight potential requirements.

3.5

Review all initiatives highlighted during days 1-3.

Documented all future initiatives

Module 4: Prioritize GDPR Initiatives

The Purpose

Review project plan and initiatives and prioritize.

Key Benefits Achieved

Finalize outputs of the workshop, with a strong understanding of next steps.

Activities

Outputs

4.1

Analyze the necessity for a data protection officer and document decision.

4.2

Review project plan and initiatives.

4.3

Prioritize all current initiatives based on regulatory compliance, cost, and ease to implement.

GDPR framework and prioritized initiatives

4.4

Develop a data protection policy.

Data Protection Policy

4.5

Finalize key deliverables created during the workshop.

List of key tools

4.6

Present the GDPR project to key stakeholders.

Communication plans

4.7

Workshop executive presentation and debrief.

Workshop summary documentation

About Info-Tech

Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.

We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.

What Is a Blueprint?

A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.

Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.

Table of Contents