Creasys supports public and private customers in the process of compliance with the GDPR (General Data Protection Regulation). The support provided includes:
  1. use of the proprietary EPICK™ platform – GDPR Compliance Form
  2. a set of specialist consultancy services

Support the customer organization:
  • in the assessment phases of GDPR compliance;
  • in the subsequent remediation management activities, operating on company processes and organization, ICT assets and processes.
To achieve these objectives, the GDPR compliance approach uses a methodology that is divided into 6 phases as follows:
  • A GDPR General Assessment, carried out at a high level in advance and with rapidity characteristics at an early stage, extended to the main areas of interest in the GDPR field;
  • 5 phases of detailed analysis on specific dimensions of interest for GDPR: Data Analysis, IT Governance, Applications, Technology and Organization.

A. An expert advice is particularly focused on:
  • Analysis of the organization’s strategy, processes and resources, compliance with the GDPR mandatory requirements and the related voluntary requirements.
  • Analysis of customer applications for verification to process sensitive data.
  • Support for the choice of IT security solutions required to manage sensitive data.
The consultancy is provided by a team of experts in governance and risk management in the client’s reference sector, GDPR compliance, legal affairs and training.


B. GDPR Compliance Module of the Governance, Risk e Compliance EPICK™ platform developed by Creasys. The main functions of the module are:
  • Compliance Assessment: to identify the GDPR level of compliance of the client organization and monitor the compliance process over time.
  • Register of Treatments: to track and monitor treatments and key information in accordance with the new Data Protection Regulation.
  • Software Evaluation: to automatically analyze the level of adequacy of software applications from a data protection by design perspective.
  • Remediation Plan: to define and implement the remediation measures that optimize the overall cost/benefit ratio.
  • Reporting: for the automatic generation of reports for the various stakeholders of the adaptation process.

  • Realistic and complete assessment of business risks: risks are estimated in economic and financial terms considering: the sanctions envisaged by the GDPR (actual risk assessed in relation to the state of application of the standard); the effects on: business continuity and reputational damage.
  • Optimization of the cost/benefit ratio of remediation plans: identification of remediation measures (benefits + costs + time); definition of Remediation Plans (by Portfolio Management).
  • Optimization of investments in compliance: enhancement of the analysis and remediation work carried out and its integration into the proposed model.