GDPR Methodology and concept of work

At Itera, we help our clients identify and close the GAPs that stand between them and compliance with the EU’s GDPR standards.

An important prerequisite for this work is to design a framework that ensures a thorough review of the client’s business processes. This review lays the foundation for our deliverables. We are especially concerned that our clients receive deliverables that are easy to work with and provide the expected value.

The analysis contains a review of the roles associated with the different steps in the business process, the applications that process data, and how the data is stored in the infrastructure.

We follow five steps in our concept of work:

1. Insight and information gathering

Information gathering in this analysis is done by processing existing documentation, analysing the associated systems, and through email communication, interviews and workshops with relevant stakeholders.

2. Role definition and responsibilities

Roles and responsibilities should be identified through interviews and workshops. In addition, we create an overview of which roles have access to the different applications and systems.

3. Business/system process mapping

It is important to create an overview of all relevant business processes. This helps to give a precise estimate of the scope of work towards GDPR compliance. In addition, it gives us the opportunity to create a priority list of which business processes to assess first. The priority list needs to be updated and verified with the client.

4. GAP Analysis

The observed business processes, systems and data mappings will be evaluated through interviews and a questionnaire. Based on this information, we can identify GAPs that are possible breaches of the GDPR standards.

5. Compliance Issues (WPs)

Based on the GAPs, recommended actions are described in a set of work packages (WPs) designed to close the identified GAPs and ensure compliance. Each work package describes precisely what the client needs to do to secure GDPR compliance.