GDPR Roadmap Екатерина В March 21, 2022

GDPR Roadmap+
Implementation Program

Training and support of the working group (project team) on the implementation of the GDPR based on the ISO27701 or Nymity Privacy Accountability Framework.

When should you choose this program?

Do business departments demand the impossible from lawyers in terms of GDPR?
Representatives of business departments themselves make informed decisions and implement them as part of a working group.
Are departments resistant to change?
Based on ISO27701 and the Nymity Privacy Accountability Framework, the working group will create a systematic GDPR Roadmap (a step-by-step list of activities).
Are the GDPR implementation activities conducted inefficiently and limited to solving problems without any satisfying results?
The time, financial, and human resources needed to implement the Roadmap to comply with the GDPR are evaluated. Different departments can coordinate the importance of management changes.
Management does not allocate sufficient resources.
Some types of work require a deeper understanding of the company’s products and business processes. And only members of the working group can fulfill them.

Phase I: GDPR Roadmap Preparation

Establishment of the working group

A working group needs to be established in order to carry out the implementation program. It includes the main stakeholders who deal with the company's customers, on which the success of the project depends.

As a rule, the group includes representatives of every department and division of the company: legal, compliance, information security, IT infrastructure, HR, audit, risk management, marketing, as well as representatives of the main areas and products of the company.

Some tasks require the assistance of persons who have the power within the company; therefore, the working group must include people who make decisions or have a significant influence on them.

Working group training

The working group is trained based on the GDPR Data Privacy Professional course by a certified professional and information privacy manager CIPP/E, CIPM, FIP, MBA – lasting 24 hours (5 full days of classes).

Phase II: GDPR Roadmap Creation


Identification of projects falling under the GDPR over 4 working sessions. Selection of areas, projects, and products, which need to be brought in line with the GDPR. Filling in the register of personal data processing in accordance with Article 30 of the GDPR.


Choosing which of the 150+ requirements of ISO 27001 and 27701 or 139 Nymity Privacy Accountability Framework activities are applicable to your organization.


Ranking of selected activities by risk for the organization and the data subjects, by the complexity of implementation, and by benefits of these activities in the present situation.


Assessment of resources required for the implementation of the GDPR Roadmap (people, including management support; processes; technologies, and tools).

Phase III: GDPR Roadmap Implementation


At this stage, we begin to implement successively the activities planned for the GDPR Roadmap within 4 or 12 working sessions. First of all, we deal with high-risk and high-priority tasks.

All decisions and main tasks are implemented by the working group with the support and training of our certified CIPM manager / CIPP/E consultant.

Some work can be outsourced to our consultants based on the prepaid hours (60 or 120 hours, depending on the selected service package). These hours are allocated by a decision of the working group throughout the entire implementation phase.

Why do you need consulting hours?

Some work may require significant practical experience or in-depth analysis of the problem. The consultant will perform this work much faster and more efficiently.

Who runs the program?

Work format

Working session

Analysis of the auxiliary training module, “division” of tasks (why and what? who and how?), examples, and templates.

Work between sessions

Independent implementation of the selected activities by the members of the working group between sessions.


Support provided between working sessions by our consultants and carrying out the outsourced work.

Packages of services

GDPR Roadmap
  • Training of the working group on the GDPR DPP
  • 4 sessions
    GDPR Roadmap creation*
  • ≈ 3 months
GDPR Roadmap + 50% Compliance
  • Training of the working group on the GDPR DPP
  • 4 sessions
    GDPR Roadmap creation*
  • 4 sessions
    GDPR Roadmap implementation
  • 60 hours
  • GDPR Aware up to 200 pers.
    Gift 1
  • ≈ 6 months
GDPR Roadmap + 80% Compliance
  • Training of the working group on the GDPR DPP
  • 4 sessions
    GDPR Roadmap creation*
  • 12 sessions
    GDPR Roadmap implementation
  • 120 hours
  • GDPR Aware up to 200 pers.
    Gift 1
  • GDPR DPT up to 20 pers.
    Gift 2
  • ≈ 12 months

* The calculation of the level of GDPR Compliance, as well as the number of consulting hours, is provided for reference for a typical organization with the number of employees 100-500 people and 3-5 main products / processes with personal data.

Upon the consultation, each package can be tailored to your needs and the specifics of your company.


*1. Identification of areas, projects, and products to be brought in line with the GDPR.

2. Selection of applicable Nymity Privacy Accountability Framework activities.

3. Prioritization of selected activities.

4. Assessment of resources for the implementation of the GDPR Roadmap.


When you complete the form, you will:
  • Have the opportunity to ask questions concerning data protection.
  • Discover if this product is right for your business or project.
  • Receive directions on cost, duration, and other details.

Please contact us to schedule an online meeting with a privacy expert!

P.S. Didn’t find anything that suited your needs on the site? Put a brief description of your situation into the “Comment” field. We are very flexible and offer personalized solutions.

Let's get in touch with us