Data is cited as an organization’s most valuable asset, but managing and ensuring the privacy of your data is not easy. With the implementation of the EU General Data Protection Regulation (GDPR) legislation, it is even more vital to protect your customer data. Magnitude can help companies adhere to GDPR requirements in the context of broader organizational goals, enabling marketers to meet individual customer rights requirements.
Magnitude, with supporting partners, offers a fixed price initiative to get your GDPR efforts on track. The process:
Collect evidence
Build initial DPIA
[OPTIONAL] LEGAL OPINION
Accelerated change program
Finalize DPIA
[OPTIONAL] LEGAL CERTIFICATION
Operate GDPR Compliant business
This solution can be offered as a fixed bid engagement due to high levels of automation.
STAGE 1: ASSESSMENT WORKSHOP
UNDERSTAND SCOPE OF IN-HOUSE GDPR PROGRAM & HOW WE CAN ASSIST
OBJECTIVES & STAKEHOLDERS
Understand objectives (revenue pillars or service lines) & functions. Understand organization & 3rd party dependencies.
GDPR PROGRAM & ORGANIZATION
Understand GDPR program scope & organization. Roadmap & status. Assess feasibility of DPIA timeline.
T&Cs / CONSENTS FOR PRODUCTS & SERVICES
Understand how scope & expiry of consents for legal use-cases is managed – how we access this for GDPR assist.
LEGAL & RISK ASSESSMENT
Understand how comfortable stakeholders are with legal and risk assessments, make specialist referrals to assist upon request.
Assess how GDPR assist can inform DPIA by identification of who accesses private data.
FIND PRIVATE DATA*
Assess how GDPR assist can inform where private data is held. Check legacy platforms are feasible for remediation [or conversion].
Assess how GDPR assist can create data lineage & usage maps to inform DPIA re use of private data by business processes.
Assess how GDPR assist can inform the impact assessment of a breach e.g. consider which private data is potentially at risk.
Assess how GDPR assist can inform which user/dept/tool accesses private data. Assess how GDPR assist can inform SARs.
Assess how GDPR assist can build cross-platform data lineage & access maps to inform DPIA according to risk priority defined by client.
Assess whether Teradata Infosec should engage to assist in-house Infosec team e.g. encryption/obfuscation and physical security.
*Informed by Teradata automation
For example, a process that took 7 months at one large company was automated in 4 weeks in a way that provides the proof that the regulator requires. This automation absorbs metadata from multiple databases, ETL tools, BI tools, and other technologies to assist with the overall results. Further, unlike many systems that just look at the lineage of data that is produced, this solution puts equal weight on discovering how data is being used.
The service is non-invasive, can run entirely in the Cloud if desired, and supports ongoing maintenance and monitoring.
Pricing & More Information
For pricing and more information for this fixed price service, please contact us here.