Meeting the GDPR Obligations

Protecting data subjects’ fundamental right to privacy is essential to operating in the digital age. We understand that meeting the requirements of the GDPR is difficult, yet critical to the continued success of your organization. Our goal is to be a collaborative partner for our customers to help them stay ahead of the regulatory curve.

Compliance with GDPR requires the involvement of people, processes, and technology across the organization.

People

Competent resources, staff training & awareness, and commitment from the top down.

Process

Data governance, subject access requests, breach notification, and best practices.

Technology

Identify, protect, and manage your data.

Where Do I Begin?

GDPR compliance is a journey and being fully compliant will take time. The best way to begin compliance is to break the work down into manageable activities. Here are a few suggestions.

Understand the Regulation, determine if it applies to your organization, and don’t go at it alone (work with an expert).

Assess your posture against the Regulation. Identify the type, category, and location of the data you process. Create a data inventory and data flow diagram.

Determine and document the lawful basis for your processing activities under GDPR.

Document the required information as stipulated by GDPR and put a plan in place to maintain this information.

Review current privacy notices and put a plan in place for making any necessary changes for GDPR compliance.

Establish procedures for addressing requests from your data subject, keeping in mind the one-month time constraint.

Review your current breach notification process and put a plan in place to adhere to the 72-hour requirement.

The Core of Our Approach

The ATS approach is unique. We understand that your organization is accountable for GDPR compliance. Our holistic and structured methods will ensure an effective and efficient compliance journey.