A basic data protection project, which aims to comply with data protection throughout the company, should start with an initial GAP analysis to determine which documents, policies, processes, etc. already exist. Based on this initial analysis, the gaps can be identified and a project plan can be drafted. The first step is to create the basic documents and processes.

The GAP analysis and assessment of the current situation are carried out with the help of workshops, interviews and document check & review.

• Preparation and completion of the necessary Order processing contracts
• Preparation and conclusion of the necessary contracts for Transfer of personal data within a group of companies
• Create a Privacy handbook with all necessary guidelines and processes as well as the governance structure. The structure includes the responsibility of the respective positions around companies.
• Preparation of a List of processing activities
• Determining the risk of data processing to the rights and freedoms of data subjects (Data protection impact assessment)
• Create a Risk treatment plan with technical and organizational measures
• Create and implement a Test concept to ensure continuous improvement of the level of data protection (PDCA cycle).

In practice, it makes sense to use a software solution right from the start of the project to create the necessary documentation and processes. As a result, implementation costs are reduced due to lower project costs.