• GDPR is the most comprehensive piece of legislation for protecting individual privacy rights.
  • GDPR came into effect on May 25, 2018. Its implementation has implications not only in the European Union (EU) but in all parts of the globe where the personal data of EU data subjects is processed. GDPR continues to get regularly updated with new changes.
  • GDPR has 99 articles, some of which specify controller and processor responsibilities.
  • GDPR implementation involves understanding both privacy rights and security obligations.
  • GDPR penalties can be as high as 4% of global sales depending upon the degree of negligence.
  • An organization’s GDPR compliance journey generally involves determining the personal data processed, whether you are a controller or a processor, and the current state of compliance. The resulting implementation will involve people, process and technology changes, and ensuring these are implemented and monitored.
  • At Coral, we have successfully advised organizations based in Europe and outside to achieve GDPR compliance, using a 6-phase methodology.


General Data Protection Regulation (GDPR)
Project Phases
Every business is unique in terms of products, services and processes. Upon understanding your organisation and its personal information exposure, we carry out the following key steps over an agreed period of time to ensure successful GDPR compliance.

PHASE I - Information flow assessment

This phase involves identification of information sources and their processing infrastructure, which involves personnel, technology and physical infrastructure.

PHASE II - Privacy Impact Assessment

Privacy impact assessment helps answer fundamental questions such as ‘what is the impact on the individual (data subject) upon a breach?’ Security risk assessment helps answer the question ‘how could this breach occur in light of the present set of security controls?’

With several years of experience in this, we help answer both these questions as well as detail recommendations in the context of your products, services and processes that encompass legal, technical, physical, personnel and procedural controls. Identified gaps are provided with detailed recommendations.

PHASE III - Control Design and documentation

In this phase, our methodology distributes security responsibility to internal stakeholders, with controls, policies and transactions that ensure GDPR is well embedded in the organisation's processes. This phase results in rolling out 20+ policies and procedures to ensure that these processes are designed and would remain effective for future initiatives. This also includes nomination of a data protection officer and creation of a data protection office for the organisation.


This phase involves tracking the client's risks and documentation on a weekly basis until all internal controls are adequately implemented. We use live project management tools to ensure the client has visibility of the status of their applicable requirements, risks, and policies and procedures.

PHASE V - Performance Tracking

This phase involves showing the client the changes in a given period by providing a change-specific compliance score between 0 and 100%.

PHASE VI - Internal Audit

This phase involves verifying that the governance system created for the organisation is well in place and ready to be declared GDPR compliant.

At this stage, the client has implemented the governance system completely.
