We firmly believe that GDPR is a Business Issue. Although many organisations will approach things from either a legal or technical perspective, the Ixium approach is driven from a risk-based, business-oriented perspective that enables you to understand the scope of the challenge ahead in a language that is familiar.
Our GDPR Readiness Assessment is a short, sharp intervention that provides visibility of the scope of work required and a gap analysis outlining the activities required to comply with GDPR. This is then developed into a costed high-level activity plan that enables you to control your GDPR Programme yourself, supplementing with resource, templates and tools where required.
This 5-step approach is typically carried out on a fixed-price basis and will leave you with the following deliverables:
i) Overview of GDPR
ii) Personal Data Sets captured
iii) GDPR Gap Analysis
iv) Programme Plan
v) Delivery Options
GDPR Readiness Assessment
"helping you demystify the Regulation"
Outlined below is a high-level view of the Ixium GDPR Readiness Assessment with illustrations showing some typical readiness assessment templates.
1) Understand Risk Appetite
By understanding the client's attitude to risk arising from GDPR, the programme can be tailored to suit. It is then possible to articulate the risks posed by GDPR.
2) Identify Personal Data Sets
Only by fully understanding the interaction points with customers and employees can an effective approach to GDPR be developed. We look to:
Review and capture the personal data sets that are in use across the organisation from a customer, employee and operational perspective.
Understand volumes and data elements that are collected and processed.
Identify the legal basis for processing for each data set.
Usually this will require meetings / workshops with a range of members of staff from across the organisation.
3) Conduct GDPR Gap Analysis
To get a view of the changes that will be required, a structured gap analysis is undertaken, identifying the desired target state and effort required. We look to:
Conduct a gap analysis comparing the current approach to GDPR requirements.
This work will be completed remotely with findings being tested with key stakeholders.
4) Develop Target Operating Model
A simple operating model is developed, identifying roles & responsibilities, governance, processes and solutions that will be put in place. We look to:
Develop a target operating model that outlines the operational changes that will be required around GDPR.
Outline impacts on 5 key areas of:
Governance Risk & Control
Data Subject Rights
If required, a workshop will be held with key stakeholders to gain buy-in to the proposed approach.
5) Create Programme Plan
A roadmap / plan to support the required changes is developed. We look to:
Develop a high-level plan and approach to delivery that is aligned against the 5 workstreams.
This will be agreed with the sponsor before final recommendations are made.