The INFIGO "GDPR In-Depth" service offers companies a thorough assessment of their current state of GDPR compliance and the development of a detailed plan for alignment with individual GDPR articles.
The service is intended for companies with higher maturity levels that have previous experience with compliance processes, privacy and personal data protection, and that want to further raise their maturity level by planning and implementing new organizational and technical measures. The primary objective of this service is to map GDPR requirements in detail to the company's business processes and to determine the level of compliance and the areas of high risk under the GDPR.
A detailed GDPR compliance plan, with recommendations for optimizing the harmonization process, is prepared in accordance with the findings of the analysis and in cooperation with the responsible persons within the company. The compliance plan considers the company's existing technological and organizational resources as well as the identified priorities, and provides guidelines and recommended steps to raise the level of compliance over a defined period of time.
Identification of key business processes of an organization in terms of collecting and processing personal data,
Identification of personal data and determination of its ownership and the location where it is stored,
Evaluation of the business needs for collecting and processing personal data,
Analysis of organizational and technical procedures used to collect personal data,
Analysis of personal data flows within the organization and to third parties.
Assessment of GDPR compliance readiness
Identification and recognition of key risks and threats in the personal data protection area,
Evaluation of existing technical and organizational controls related to the protection of personal data,
Evaluation of existing controls and their mapping to GDPR requirements,
Identifying gaps and opportunities for improvement,
Estimation of the company’s exposure to the risk of GDPR non-compliance,
Assessment of the company's level of awareness in relation to GDPR.
Drafting of the final report,
Presentation of findings to the responsible persons within the company.
The result of the service provided is a report for the responsible persons within the company with the following characteristics:
Description of the areas of increased risk and of the company's exposure in the context of the GDPR,
Inventory of the identified personal data with their ownership and location,
Description of personal data flows inside and outside the company,
Estimation of the company’s compliance level with GDPR requirements,
A prioritized compliance plan at the organizational and technical level,
Improvement plan for existing technical measures to achieve additional GDPR compliance.
The estimated duration of the "GDPR In-Depth" analysis is 3 weeks, although it may vary depending on the size and complexity of the company.