As a GDPR Privacy consulting service provider, we advise our clients on GDPR compliance through a 6-phase implementation approach that includes understanding the client's business and the personal information processed, privacy impact assessment, gap analysis, detailed risk assessment, policy documentation, risk remediation support, end user training, monitoring, measurement, and audit, thereby leading to successful GDPR compliance.
With 20 years of Security and Privacy practice, our methodology has been successfully implemented in businesses of all sizes and sectors, across the globe. Whether you are a startup in AI-ML-Data Science, a SaaS, PaaS or IaaS provider, a product developer or customer, an eCommerce business, or a brick-and-mortar local or global business, we have implemented Privacy practices in nearly all industry sectors.
Security and Privacy is everyone’s responsibility. We consider our methodology the most comprehensive because we involve every key client stakeholder in our GDPR - Privacy implementation journey. We ensure that the ‘privacy by design’ and ‘security by design’ principles become part of your business DNA.
How fast can Coral get us GDPR certified? We follow an agile philosophy where phases of the project can run in parallel, resulting in achieving GDPR-Privacy compliance faster.
GDPR Consulting Engagement Phases
Here is a brief overview of all the phases involved in implementing GDPR compliance.
PHASE I - Understanding Business, and Personal Data Processing
Every client is unique in its business model, customers and business objectives.
The GDPR implementation journey starts with this phase, where we determine and document the client’s personal information processing requirements.
Determination of controller and/or processor
Determination of applicable legal basis of data processing
PHASE II - Gap Analysis and Risk Assessment
As the name suggests, this phase is aimed at determining both the current controls and the ‘missing controls’.
In addition, this phase involves determining personal information and its lifecycle, along with the assets that store, process and/or transmit the information.
How comprehensive is the privacy impact assessment and security risk assessment? We perform a 3-phase risk assessment that involves information assets, privacy and security controls, thereby giving clients an unparalleled view of their privacy and security risks.
The Gap Analysis phase is key to assigning privacy control responsibility to stakeholders.
This is where identified gaps and applicable controls (based on applicable GDPR requirements), with their references to stakeholders and policy/procedure/practice requirements, are determined and documented.
PHASE III - Design, Documentation and Risk Monitoring
Design involves allocating control responsibility to the organisation's stakeholders.
Documentation involves drafting 20+ policies and procedures.
The phase involves brainstorming and training staff to align them with documented controls and policies.
Risks identified in the gap analysis are tracked towards closure.
PHASE IV - Privacy Measurement
Measurement involves testing the privacy implementation effectiveness and giving a 0-100% score.
We have a structured methodology with which we score privacy controls based on the interplay of business transactions with privacy requirements, and we present the results to management in a formal report.
PHASE V - Internal Audit and Management Review
Internal Audit involves verifying the effectiveness of the implemented lifecycle controls through interviews, together with physical and system verification of the applicable privacy policies, as they apply to the organisation's control design.
A formal report is published for the management committee.