GDPR Approach

GDPR affects how all websites targeting Europe must behave. Everyone involved in a Europe-oriented project must understand the core tenets of GDPR and help to keep our clients out of trouble.

Here's our basic structure for each client/project:

  1. Lawyer / 3-party Audit
    1. Website details - We meet with you and give you a tour of the full website(s): what they do, what they store, and where. Cantilever will fill in the details around the website and how data is stored/transported within the website.
    2. Downstream Audit - The client, Cantilever, and you meet to determine and document what the client does with the data after it is stored on the website.
    3. The lawyer provides a consolidated punch list of requirements for each site to be compliant. They send it to us and the client.
  2. We provide an estimate for items that affect the website and get it approved.
  3. We do the work.
  4. We walk through the changes with you and show them how things have changed
  5. The lawyer provides a letter of assurance that, to the best of their knowledge, the site is in compliance with EU privacy laws.

Independently, the lawyer can work with clients on how they manage the data once it reaches their own computers/databases.

Both of us would charge a fee for each client - was wondering what sort of fee structure you were envisioning. We would bill separately but Cantilever can be the lead with each client?

Action Items:

  1. Re-structure project proposal
  2. Create a doc to fill out that documents the data: how it's stored, where it flows, and what processing is done on it
  3. Update contracts to include a clause that limits our liability with respect to GDPR