GDPR in 5
simple steps

GDPR can be very difficult to grasp and to comply with. This is why we have created a simplified 5 step model that is fit for every organization. In our GDPR journey you don’t have to worry about the complexity and challenges coming with the new regulation.

Amatas scheme
1

GDPR Assessment

Thorough evaluation of your GDPR compliance. Our certified professionals together with your team will conduct a review and assessment of the current Data Protection and Privacy structures, processes and controls in your organization; identifying all the gaps, privacy risks, areas for remediation and measuring the current level of maturity against our unique GDPR Compliance Management Framework.

Based on the findings we will deliver concrete GDPR implementation strategy, recommendations and roadmap with prioritized steps and milestones. After the completion of your GDPR Assessment, you will have a full GDPR Compliance Report, thus knowing all areas of focus.

2

Data Flow
Analysis

GDPR Articles 6, 30, & 32


Data mapping and inventory are critical components of any privacy program. We will populate the data flow inventory through questionnaires, scanning & data discovery technologies, in person workshops or through a bulk import. The Data flow analysis will enable your organization to visualize the entire data lifecycle, maintain an evergreen data inventory, identify gaps and track recommendations, evidence and approvals for remediating risk.

3

Privacy Impact Assessment

GDPR Articles 25, 35 & 36


Our automated privacy impact assessments (PIAs) and data protection impact assessments (DPIAs) are designed to increase organization-wide adoption and operationalize the Privacy by Design. In your daily routine, we will help you understand the sources of risk and measure the impact of every project you run in your environment. This will help you mitigate these risks and protect the privacy of your customers and employees.

4

GDPR Deployment

During the GDPR deployment phase, we will implement complete Privacy Management Framework and establish all the required processes and procedures. We will advise you on how to adapt your existing technical, physical and administrative controls and support you to implement new ones if needed. Of course, we will make sure that your employees understand the GDPR requirements and apply them accordingly.

5

DPOaaS
(DPO as a Service)

GDPR Articles 7, 12, 13, 14, 16, 17, 18, 19, 20,
21, 24, 25, 28, 29, 33, 34, 35, 36, 46


Our DPO as a Service will help you demonstrate accountability and maintain your GDPR compliance. Our technology enabled approach will relive you from all operational requirements of the regulation – from Data Inventory Management and Data Subjects Access Request Management, past to Consent Management and Personal Data Incident Management, all the way to Privacy by Design and Privacy by Default and Vendor Risk Management.

Our GDPR control framework

One-time GDPR Engagement

GDPR Assessment
GDPR Deployment

GDPR as a Service

Data Mapping and Evergreen Data Inventory GDPR Articles 6, 30, & 32
Data Subjects Rights Management (DPOaaS) GDPR Articles 12, 13, 14, 16, 17, 18, 19, 20 & 21
Web Consent Management (DPOaaS) GDPR articles 7,21
Personal Data Incident & Breach Management (DPOaaS) GDPR Articles 33 & 34
Universal Consent Management (DPOaaS) GDPR Article 7
Privacy by Design and by Default (DPOaaS) GDPR Articles 25, 35 & 36
Vendor Risk Management (DPOaaS) GDPR Articles 28(1), 24(1), 29 & 46(1)
GDPR Readiness Training (DPOaaS)
Continuous Assurance Management (DPOaaS)
GDPR Assessment
Measure your current level of maturity against our unique GDPR Compliance Management Framework Review current Data Protection processes and privacy structures Generate complete Data Protection Impact Assessment Review EU Privacy Cookie Compliance Requirements
Create full GDPR implementation roadmap Receive professional advice for further GDPR design and deployment strategies
arrows
GDPR Deployment
Prepare an Incident Management and Branch Management workflow Operationalize Privacy by Design and by Default Review and remediate vendor and supplier risks Evaluate and benchmark current certification levels
Provide self-service organizational readiness platform Covers all operational levels- Physical, Technical and Administrative
arrows
GDPR Readiness Training (DPOaaS)
Educate your staff on the key requirements of the General Data Protection Regulation Suitable for all employees whose work involves personal data processing Covers all GDPR principles, applications and scopes Systematic, consistent training across all regulation areas
Can be utilized for current employee base or as an induction process for new hires
arrows
Universal Consent Management (DPOaaS)
Define consent types and processes Collect and document consent Embed consent management directly into your websites, devices and internal systems Enable data subjects to exercise rights
Integrate existing business systems and tools Generate real-time consent reports Fully scalable for all business sizes Deployment flexibility in US or EU cloud
arrows
Data Subjects Rights Management (DPOaaS)
Easily capture data subject requests based on regulation-specific requirements Integrate DSAR into your website Define end-to-end subject request processes from assignment to review and approval Track deadlines and file extensions
Full integration with IT Service Management tools Secure data subject communications Complete record of data subject request activities
arrows
Personal Data Incident & Breach Management (DPOaaS)
Prepare full incident management workflows Automatic incident stakeholder assignment Data subject Incident classification and risk analysis Always know whether an incident requires escalation to the data protection authority
Maintain a full audit log of previous incidents and breaches. Full metrics and transparency
arrows
Web Consent Management (DPOaaS)
Provide customers with the choice over sharing their information. Transparent mechanism for obtaining required cookie consent from website visitors. Comprehensive cookie compliance solution. Includes continuous website scanning against a 5.5M cookie database
Flexible interface for managing visitor consent Customizable visitor preferences center.
arrows
Continuous Assurance Management (DPOaaS)
Maintain privacy and personal data protection strategy Organization-level gap analysis and remediation Generate detailed reports on GDPR compliance levels Monitor GDPR framework implementation
Audit your Data Protection Officer’s effectiveness Review and remediate vendor risks Evaluate and benchmark current certification levels Prevent unforeseen GDPR costs and risks
arrows
Data Mapping and Evergreen Data Inventory
Respond to data subject rights request to delete, correct, access, or port their data. Visualize the entire data lifecycle within your organization. Maintain an evergreen data inventory (data processing register). Identify gaps and track recommendations, evidence and approvals for remediating risk.
Generate a complete data and asset map of all your company and third-party resources.
arrows
Privacy by Design and by Default (DPOaaS)
Operationalize Privacy by Design and by Default for each new service, project or process you create. The most comprehensive library of customizable assessment templates Tailored to fit your specific organizational workflows. Start new projects and monitor the progress of their existing projects from any device, through our responsive self-service portal.
Completely tailored experience for your business users, based on their department, role or location. Helps increase the accuracy of the data you’re collecting.
arrows
Vendor Risk Management (DPOaaS)
Analyze vendor data transfers and contractual obligations Conduct vendor due diligence both during the initial onboarding phase as well as re-audit on a risk-based schedule. Vendor privacy and security assessment questionnaires Generate a central record of all your vendors, contracts and data transfers
arrows

How GDP-ready are you?





Try our short GDPR readiness test and avoid a whopping fine of up to 4% (or 20 000 000 euro) of your annual worldwide gross income.


Have you already done your maturity assessment and GAP analyze against the GDPR requirements?

“The right to be forgotten”, “the right to data portability” and “the right to object to profiling” are three of the most notable GPDR requirements. Are you ready to face all of them on May 25 2018?

Have you done your Risks assessment, which means to know and understand what are the risks of operating with personal data?

Do you have a Consent Management System ?

Do you maintain an Evergreen Data Inventory?

Do you have continuous control over maintaining your controls to protect the personal data?

Have you operationalized the Privacy by Design and Privacy by Default concepts?

You are a true GDPR master! We can further help you reduce costs and maintain your GDPR compliance.
Send us Request
True: % False: %
30 %Ready Not ready 70 %
0 /7
Good job!

Get in touch

These data will only be used for the purpose of your inquiry.

Form was sent successfully!