General Data Protection Regulation (GDPR) Planning
- Step 1: Perform an initial assessment: Perform a preliminary GDPR impact assessment, involving all data privacy/compliance stakeholders, to understand how the regulation effects the organization. Define which processing activities require a Data Protection Impact Assessment (DPIA) by defining the data category, purpose and sensitivity for each activity.
- Step 2: Identify compliance priorities: Cross-reference data categories and business processes to identify which processes utilize personal data. Prioritize compliance actions based on analysis.
- Step 3: Complete a Data Protection Impact Assessment (DPIA): Automatically generate a DPIA that includes business process documentation, assessment of the regulatory risks, description of mitigation measures.