Scribd Logo
Upload

Welcome to Scribd!

  • GDPR Consultation - (Company) : Derek Palmer, Esq

    Uploaded by

    Devin Thomas
    8 views4 pages
    This document outlines a three-phase GDPR compliance consultation project between [Company] and kidSAFE. The goals are to update [Company]'s privacy policy, consent flows, and conduct a data inventory. Phase one involves completing a data inventory template to document all personal data collected. Phase two focuses on updating registration forms based on the data inventory findings. Phase three wraps up the project by further updating the privacy policy and notices. kidSAFE will provide guidance and suggestions at each phase but full GDPR compliance will not be certified upon completion.

    Original Description:

    Original Title

    3

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document outlines a three-phase GDPR compliance consultation project between [Company] and kidSAFE. The goals are to update [Company]'s privacy policy, consent flows, and conduct a data inventory. Phase one involves completing a data inventory template to document all personal data collected. Phase two focuses on updating registration forms based on the data inventory findings. Phase three wraps up the project by further updating the privacy policy and notices. kidSAFE will provide guidance and suggestions at each phase but full GDPR compliance will not be certified upon completion.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    8 views4 pages

    GDPR Consultation - (Company) : Derek Palmer, Esq

    Uploaded by

    Devin Thomas
    This document outlines a three-phase GDPR compliance consultation project between [Company] and kidSAFE. The goals are to update [Company]'s privacy policy, consent flows, and conduct a data inventory. Phase one involves completing a data inventory template to document all personal data collected. Phase two focuses on updating registration forms based on the data inventory findings. Phase three wraps up the project by further updating the privacy policy and notices. kidSAFE will provide guidance and suggestions at each phase but full GDPR compliance will not be certified upon completion.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 4

     

      

    GDPR Consultation - 
    [Company] 
    XX.XX.2018 
    ─ 

    Derek Palmer, Esq. 


    kidSAFE Seal Program 
    7250 Beverly Blvd, Suite 102 
    Los Angeles, CA 90036 

     

     

    Overview 
    The GDPR, or General Data Protection Regulation, is wide-ranging legislation set to go into 
    effect in Europe on May 25, 2018. The GDPR will impose new requirements on companies 
    that collect data about citizens of the European Union. [Company], as part of its continued 
    efforts to offer privacy compliant services, has engaged kidSAFE to assist with GDPR 
    compliance as it relates to child users.   

    Goals 
    1. Update [Company]’s privacy policy and related privacy notices to better align with 
    GDPR standards; 
    2. Update consent flows and other registration flows to better align with GDPR 
    standards; and 
    3. Complete a limited data inventory to discover and record critical privacy 
    information, including the lawful bases for collecting data under the GDPR. 

    GDPR Compliance 
    Much of the GDPR is still open to interpretation by the enforcement bodies in the individual 
    member countries. As these bodies have yet to issue any enforcement decisions, it remains 
    unclear what compliance will look like in all situations.   
    kidSAFE has been researching the GDPR and existing guidance to assist our members in 
    moving towards compliance.  
    The overall requirements set out by the GDPR are extensive and involve many areas that 
    will not be covered under this project. As such, completion of this project will not indicate 
    that kidSAFE has certified [Company] as GDPR compliant or has conducted a full GDPR 
    audit.   

    Project Structure 
    This project will consist of three phases, which are laid out in the Milestones section below. 
    As member completes a phase, kidSAFE will prepare a new set of documentation for the 
    next phase. This documentation will include information on GDPR standards, note issue 
    areas within [Company]’s services, and provide suggestions and new language as required. 

     

    Milestones 

    I. Data Inventory 
    This data inventory will include information about all personal data being collected 
    by [Company] and important details about that data. kidSAFE will provide you with 
    a template to assist with organizing this information. Prior to providing this 
    template, kidSAFE will attempt to populate it with what information it already has 
    about [Company]. 
    The goal of the data inventory is to get a complete documentation of what 
    information is being collected from users along with how that data is being 
    collected, shared, and used.   
    We will also use this data inventory to begin documenting the legal bases for 
    collecting this data under the GDPR. It is important to have a tangible record 
    showing that [Company] has taken the time to review its data collection practices 
    and that you have valid bases for collecting this information under the GDPR.   
    This phase will be broken down into a two sub-phases: 
    A. [Company] will complete most of the data inventory template, with exception 
    of “lawful basis for collection” column  
    B. kidSAFE will work with [Company] to determine the most fitting lawful basis 
    for collecting each piece of data 
     

    II. Updating Consent & Registration Flows 


    Once the data inventory is complete, kidSAFE will have a better understanding of the 
    lawful bases [Company] is using to collect and process personal data. Depending on 
    these findings, [Company] may need to modify the language within its registration 
    forms and related emails.   
    The GDPR has numerous requirements in order for a consent to be considered 
    valid. These will be discussed further in the phase two documentation. kidSAFE will 
    evaluate your current registration flows and make suggestions for how to add 
    notices and other changes to help you collect a valid consent under the GDPR. 
     
     

     

    III. Updating Privacy Policy and Privacy Notices 


    Phase three will consist of adding language to the existing [Company] privacy policy 
    to cover areas relevant to the GDPR. These will include integrating some of the data 
    inventory elements, adding information about user’s access rights under the GDPR, 
    and noting important areas like data retention policies. 
    In addition to updating the privacy policy, phase three may involve adding privacy 
    notices to registration forms and other areas that collect personal data. Some of 
    these changes may be handled as part of phase two, but any final suggestions and 
    updates will be addressed here. 

    You might also like