Project of the preparation of GDPR program, its proper configuration and directing its realization.
A client running a business activity in media industry including the provision of online services. A large number of personal data is processed (million of records). Organization in the initial phase of the analysis of the risk connected with personal data processing. Lack of the compliance with GDPR regulation requirements. The upcoming regulation’s effective date.
Preparation of GDPR program and identification of the working streams and specification of the roles and responsibilities; identification of dependencies between working streams and the key milestones of the project; preparation of the program management structure (including committees, roles in the program and responsibilities) and reporting strategies (including templates, frequency, escalation paths) and communication in the program.
Risk analysis and the analysis of mitigation measures was carried out. On this basis the implementation was effected in the process, legal and IT area.
The organization, within one of the most comprehensive implementations in the Polish market, was prepared on regulation’s effective date (including the areas connected with the processing of data of the clients and employees). During the implementation of particularly necessary IT solutions, no greater problems were observed. One of the most significant areas of implementation, was the automation of the handling of the requests of data entities.