Periodic Reporting for period 1 - U2PIA (Universal application 2 conduct Privacy Impact Assessment analysis and reports)
Reporting period: 2016-11-01 to 2017-03-31
With the support of Orlandi & Partners Studio Legale, renowned legal experts focused on privacy and data protection that bring their deep expertise in legal privacy matters, we are launching U2PIA, a disruptive cloud platform designed to enable creation of in-depth analysis of the risks to which Personal Data are subject through a Privacy Impact Assessment (PIA). Our platform will address the requirements of the mandatory European regulation (approved on 2016/04/14, all EU member countries must have transposed it by 2018-05-06, and it shall apply from 2018-05-25), to avoid the huge penalties and severe sanctions that they could suffer if not executing properly this action (failure to comply exhibit manager to sanction a risk up to 20 million euros or, if higher, up to 4% of annual worldwide turnover).
• Established a development and testing methodology that maximises reliability and user engagement.
• Deployed a development and testing infrastructure following the agile development methodology.
• Plan our future DEVOPS infrastructure (development operations) architecture that will allow us to maintain 3 different versions of our solution in 3 different sites: (1) production site; (2) internal testing site; and (3) internal development site.
• Defined the final version of our multi-tenant architecture.
• Advance in the development of each of the layers of our solution and prepare next steps, identifying both the resources and the development time to complete our solution, including a preliminary budget.
• Identified the main development risks and defined mitigation measures and contingency strategies.
• Finally, we have defined our needs in regards with the recruitment process to strengthen our team and implement the devised developments to finalise U2PIA.
To assess the commercial and financial viability, we have:
• Carried out a thorough market study, and established both our total available market (TAM), our potential market and the primary segments to focus on during the first 5-years of business.
• Run a market survey among a set of representative end-users of each of the targeted primary segments to further adapt our tool to each user profile and well-adapt to real users’ needs.
• Recruited the support of a set of representative end-users that will help us test our solution and validate the final commercial version.
• Defined a strategy that maximises our strengths to fully leverage the immense opportunity coming from this EU-wide need to realise PIAs.
• Built a preliminary commercialization and marketing plan (including SEO/SEM actions), accurately determining margin, price strategy, distribution channels, partnerships, including a preliminary estimation of the budget for commercialisation and exploitation actions.
• We have defined our IPR strategy and carried out freedom to operate studies, executing several measures to protect our IP rights and guarantee full freedom to commercialise U2PIA.
• Finally, we have identified the main commercialisation risks, setting mitigation measures and contingency strategies.
To assess the financial viability of our project, we have:
• Elaborated trading projections for different scenarios (worst-case and realistic), paying attention to a well-defined cost-structure that validate both the financial and the business viability of U2PIA even in the worst-case scenario.
• Elaborated the overall budget for executing both Phase-2 and the subsequent Phase-3 (commercialisation), and validated that we count with all necessary human and material resources.
U2PIA business opportunity will let us monetize our knowledge in ICT risk and privacy assessments through a full portfolio of B2B services customised for each segment. An opportunity that we value in a European Total Available Market of 200,000+ public instances, 250,000+ consultants and DPOs (Data Protection Officers) and 21 million private companies, all of them in the need of affordable and educational ICT risk assessment tools valid to perform the mandatory PIA.