The purpose of the engagement was to provide the customer with the following:
- An understanding of the key GDPR Principles
- A map of where the customers organisation processes or technologies fall short of the new GDPR requirements
- Some next step options to close the gaps in compliance.
The engagement was not meant to be a definitive GDPR audit, but a guide to key areas of the customers business that need to be considered.
The engagement started with an onsite workshop followed by the creation of a detailed document describing the customers environment and mapping this to the various key articles contained within the GDPR policy.
The 1-day workshop covered the following areas:
- Gain an understanding of the customers business
- Detailed description of the Compliance and Regulation requirements
- Types of data and locations of data within the organisation
- Overview of the infrastructure environment
- Policies and contracts with 3rd parties or other geographic regions
- Data Protection Officer (DPO) requirements
Current technologies already in use or available to be used Following the workshop TrueSwift composed a detailed Gap Analysis report detailing the key GDPR articles, how they are likely to impact the customers environment and what has been achieved so far by the customer to work towards compliance.
The report concludes with an overall traffic light scale grading and suggested next steps that can be used as a guide to moving forward towards GDPR compliance.