GDPR Compliance Services

f society is currently working for several Organizations to create a GDPR compliance roadmap.  Moreover, f society enables organizations to understand the steps one needs to take in order to ensure GDPR compliance.

f society can help its customers prepare for the GDPR.

our GDPR services

The following phases distinguish the project of preparing an organization to comply with the GDPR requirements.


Identification, Data Mapping & Data Flow Analysis


As part of an EU General Data Protection Regulation (GDPR) compliance project, organizations will need to map their data and information flows in order to assess their privacy risks and to form part of their Article 30 documentation. f society uses its methodology in order to effectively map its customers’ data, understand the information flow, describe it, and finally identify its key elements.


GAP Analysis


f society’s GDPR Gap Analysis Services assesses the extent of its organization’s compliance with the GDPR (General Data Protection Regulation) and helps identify and prioritize the areas that they should be urgently addressed.


Data Privacy Impact Assessment (DPIA)


Anytime you begin a new project that is likely to involve “a high risk” to other people’s personal information, the GDPR requires a Data Protection Impact Assessment (DPIA). f society can take over the DPIA and include a template to help its customers execute such an assessment by conducting:

  • a systematic description of the envisaged processing operations and the purposes of the processing, including the legitimate interests pursued by the controller
  • an assessment of the necessity and proportionality of the processing operations in relation to the purposes,
  • and finally an assessment of the risks to the rights and freedoms of data subjects.

Implementation of Action Plans


f society can provide its customers with a methodology and answer questions such as:

  • How to initiate an action plan for compliance?
  • What are the different stages of implementation?
  • What does the accountability principle stand for in practice?
  • How to conduct a Data Protection Impact Assessment?

Contingency Plan


f society provides contingency planning – for purposes of information security. f society’s solutions deliver a coordinated strategy of

  • various plans,
  • procedures,
  • technical measures
  • initiatives

for ensuring the recovery of information systems, operations, and data after disruption of services. In addition, f society provides consultancy regarding comprehensive contingency planning.


Audits – Controls


f society’s GDPR audit assesses our customers’ organization’s or company’s

  • processes,
  • systems,
  • records
  • activities

to:

  • safeguard that enforces the appropriate and adequate policies and procedures
  • Detect data breaches or potential cyber violations to comply
  • Conduct assessment and adequacy of internal controls
  • Authorize and validate the principles, policies, and procedures are monitored and adhered to recommend changes in controls, policies, procedures, and IT platforms.

The scope of f society’s GDPR audit is agreed upon in consultation with the stakeholders to identify relevant data protection risks within the organization. It takes into consideration both generic data protection issues as well as specific concerns about data protection policies and procedures.


Awareness – Training


f society can help its customers educate themselves and their workforce in relation to whose data is held, what data is held, why the data is held, how long the data should be retained for, and where the data is held/stored.


Ongoing Management & Follow-up


GDPR is an ongoing and evolutionary compliance journey for every organization and company. f society assists with providing Data Protection Officer services as well as a high level of support to the Information Officer. f society also ensures:

  • the mantainance of the process and tools capture consent in a structured way to maximize opt-ins,
  • to adopt the technology to maintain up-to-date records of communication preferences,
  • and finally, to set up the protocols and determine which people will manage ‘legitimate interest’.