Phase 0: Kick-off

• Informative course on the GDPR privacy law, we want to make these law write-ups easier to understand
• We want to raise awareness on privacy and cybersecurity within the board of directors, management and other key figures within the company or organization
• We shall demonstrate the AVG.Management Tool and all of its functions.
• A Basic privacy training

Phase 1: Making an inventory of:

• The key figures that play a part concerning privacy within the organization
• The suppliers, customers, partners, Clients, Data Processors, Data Controller, and recipients of this data
• Infrastructure, information systems (and the amount of Data protection by design & default)
• Business processes and data processing within the organization
• Personal data, the terms of storing this data, and legal bases
• Privacy policies and privacy statement
• Risks and threats
• Any needed Privacy Impact Assessments
• Any needed Data Protection Officers
• Cookie statement compared to the actual situation
• Any taken technical and organizational security measurements
• Inserting this data in the AVG.Management Tool
• Privacy related issues via professional guidance on location or remotely.

Phase 2: Analyses aided by:

• The current situation: what is available now partaking to privacy- and security means
• The steps needed to become GDPR compliant
• Researching Privacy by design and Privacy by default
• Checks on policies including but not limited to: Information security, data leaks and rights of the data subjects
• Behaviouralcontrol concerning privacy
• Risks and Business impacts
• Evaluation of taken technical and organizational security measurements
• Legal view concerning the processing agreements
• Analyses using the AVG.Management Tool

Phase 3: Action plan:

• Determining the scope of the action plan involving technical, organizational and legal measurements
• To discuss a specific roadmap and a PDCA-cycle
• Instructing key figures within your organization
• Create and/or edit the privacy statements
• Create and/or edit the cookie statements
• Generate processing agreements
• Create and/or edit the procedure on data leaks
• Create and/or edit the policies on information security management
• Creating a protocol on handling the rights of data subjects and data leaks
• Assigning a privacy officer, guard(s) and/or a data protection officer
• Privacy Impact Assessment
• Plan evaluation meetings according to the Plan-Do-Check-Act cycles
• Reporting in the shape of short presentations