Compliance audit / assessment / compliance plan
This preliminary assessment for compliance consists of:
- An inventory of the state of data protection of the Company (Process, Organisation, Technical and Legal),
- Analysis of the processing and identification of personal data (Operational, technical and legal),
- Identification of legal aspects and control of their fields of application, followed by legal and operational recommendations,
- Identification and monitoring of the relationships with your partners, verification and/or recommendation of new contracts,
- Assistance with the initialization of the Processing Register,
- Advice on the choice and implementation of a tool for keeping the processing registers,
- Carrying out Impact Assessments (DPIA),
- Identification of the procedures to be brought into conformity, followed by operational and technical recommendations,
- Help with auditing computer access and networks, followed by recommendations (cyber attack model track),
- Recommendation of the implementation of a cybersecurity policy,
- "Stress" tests of data accessibility (if necessary),
- Advice to the Data Controller and the CEO.
This is fixed-price support covering all legal, operational and technical aspects of compliance. It is delivered within a maximum of 30 days (flat fee including lawyers' intervention).
This offer of an "external DPO" provides the following services:
- The DPO keeps your legal records and your "GDPR Report" with you, in accordance with the principles of Accountability,
- The DPO carries out regulatory monitoring to keep you informed of regulatory developments throughout the year,
- The DPO raises awareness and trains the Data Controller, informing them of new regulatory developments as part of ongoing training,
- The DPO manages relations with the regulator (management of correspondence with the CNIL),
- The DPO is the regulator's contact person in the event of an audit (examines the audit and responds to requests),
- The DPO is the controller's contact person in the event of a data leak,
- The DPO helps to carry out your DPIA analyses,
- The DPO answers your employees' questions about the GDPR via a generic email address,
- The DPO assists you in responding to your members who request to exercise their GDPR rights,
- The DPO provides a training system that includes:
  - A survey to evaluate the GDPR knowledge of your employees.
  - A scoring of your company on its level of knowledge of the GDPR.
  - Online training on the GDPR.
  - Two days of on-site training during the year with the organization of customized sessions.
This service is offered as an annual flat rate, payable monthly, renewable annually.
Training and awareness raising
This training is both legal (by a lawyer) and operational (by an expert DPO). It includes:
- Diagnostic assessment of the regulatory knowledge of data controllers
- Definition of the action plan for awareness raising and/or "tailor-made" training on data governance aspects, organization and processes, data security and cybersecurity
This service is offered on a fixed-price basis (including the intervention of a lawyer specialized in personal data).