How can we help you?

Span’s end-to-end GDPR service

Ensuring GDPR compliance is a complex task with many legal, procedural and technical aspects and challenges. We offer a comprehensive approach – from reviewing and drafting documentation, legal consultation, to procedural and technical alignment, and implementation of software solutions. Our solutions and services are specifically customized to your needs and level of compliance required by your organization.

Please select specific services for more information

Gap Analysis

Gap Analysis service provides an in-depth analysis of business processes in relation to GDPR requirements. Target group includes customers’ employees such as the data protection officer, business process owners, legal and IT department staff.

This module is used to determine the life cycle of personal data within an organization in relation to GDPR requirements by analyzing business processes. Module can also be leveraged to ensure compliance with existing rules, policies, procedures and documentation from a legal perspective, and identifying where personal data is being stored within your organization’s ICT system and how system security stacks up to GDPR requirements.

Service delivery:

  • Detailed gap analysis report (legal, process and technical)
  • Created records of processing activities pursuant to requirements of Article 30* (optional)
  • Compliance recommendations and action plans
  • Final presentation

* Records of processing activities are created in Span PDP and the customer is provided with two months of free use upon completion of the project. If the customer chooses not to subscribe to Span PDP during that period, records of processing activities are delivered to him as Excel reports.

Recording Processing Activities

This service is used for creating records of processing activities as stipulated under Article 30 of GDPR. Target group includes customers’ employees such as the data protection officer, business process owners, legal and IT members.

Service delivery:

  • Created records of processing activities pursuant to requirements of Article 30*
  • Project status report with recommendations for improvement (optional)
  • Span PDP training (optional)
  • Final presentation

* Records of processing activities are created in Span PDP and the customer is provided with two months of free use upon completion of the project. If the customer chooses not to subscribe to Span PDP during that period, records of processing activities are delivered to him as Excel reports.

Reviewing and Drafting Documentation

This service helps ensure that the organization’s legal documents comply with GDPR requirements by allowing the customer to: review existing documents, identify missing documents and create new documents.

Target group includes customers’ employees such as the data protection officer and legal department staff.

Service delivery:

  • Updated versions of existing documents
  • Creating missing documents
  • Reports with recommendations for creating or amending documents, as needed
Data Protection Impact Assessment (DPIA)

Data Protection Impact Assessment (DPIA) offers impact assessment for processing activities that are likely to result in data protection risk in accordance with GDPR requirements and can be selected as a stand-alone service or as part of Gap Analysis or Reviewing and Drafting Documentation.

Target group includes customers’ employees such as the data protection officer, business process owners, legal and IT department staff.

Service delivery:

  • Report on data protection impact analysis for high-risk processing activities
  • Data flow overview
  • Data processing risk analysis
  • Recommendations for improving existing processes (solutions for mitigating regulatory risk exposure)
Legitimate Interest Assessment (LIA)

This service provides legitimate interest assessment for processing activities based on legitimate interest and can be selected as a stand-alone service or as part of Gap Analysis or Reviewing and Drafting Documentation.

Target group includes customers’ employees such as the data protection officer and legal department staff.

Service delivery:

  • Legitimate Interest Assessment report
Security Solution Implementation

This service allows for implementation of various technical solutions aimed at improving security measures in accordance with GDPR requirements, such as data classification and encryption tools, data leakage protection, database monitoring and protection, etc. Security Solution Implementation can be selected as a stand-alone service or as part of Gap Analysis

Target group includes customers’ employees such as the data protection officer and IT department staff.

Service delivery is done according to specific customer needs and requirements.

Project eDiscovery

Project eDiscovery allows the customer to automatically search unstructured data in storage repositories for the purpose of identifying personal data and can be selected as a stand-alone service or as part of Gap Analysis. Technical consultants temporarily install specific software inside customer infrastructure for the purpose of providing this service.

Target group includes customers’ employees such as the data protection officer and IT department staff.

Service delivery:

  • Automated reporting and results break-down w/ overview of personal data volumes sorted by searched and reviewed repositories
  • Comparison of actual situation with assessed and estimated personal data collections found by process analysis (optional)
Workshops

Span periodically organizes GDPR workshops with the intention of informing and educating participants. Emphasis of such workshops is on practical guidelines for establishing a data protection framework within the organization and efficient data processing management.

Target participants include data protection officers, lawyers, heads of departments dealing with significant volumes of personal data, owners or directors of small and medium-sized enterprises, as well as anyone interested in GDPR.

Workshop topics:

  • Introduction to GDPR
  • GDPR requirements and Act on Implementation of the General Data Protection Regulation
  • Data Protection Officer
  • Practical organizational compliance example
  • Legal documentation examples
  • Legal documentation examples
  • Span PDP – example record of processing activities
Education and Training

This service includes a one-day workshop for organization employees on GDPR-related topics. Workshop duration and content is arranged depending on the needs and requirements of your organization.

Recommended topics:

  • Introduction to GDPR: principles, data subjects’ rights, sanctions
  • Obligations and relations between GDPR entities
  • Personal data protection
  • Practical advice
Consulting and Support

Consulting and support are available to customers as a separate service or as part of any of the existing services, depending on specific needs and requirements.

Example activities:

  • Span PDP training and data entry assistance*
  • New processing activity analysis
  • Revision of existing processing activity records
  • Counseling on specific GDPR topics

*Optional, for purposes beyond the scope of education and training activities included in the Span PDP subscription package