How to comply with the GDPR?

GDPR compliance is an added value,

a quality standard!

What are the steps involved in carrying out a GDPR audit?

Contact us

What is the approach to be taken to achieve GDPR compliance ?

All structures (private companies, public companies, associations, …) handling personal data concerning European citizens must comply with the GDPR.


Here is the procedure to follow to start your GDPR compliance :


  1. Conducting a GDPR audit
  2. Create a data log : this log keeps track of the entire compliance process, so it is essential to keep it up to date as you move forward with your GDPR compliance
  3. Organize the storage of your data: structuring and rationalizing them while ensuring the level of data security.
  4. Assessing and documenting the risks of data collection on the privacy of data subjects by carrying out a Privacy Impact Assessment (PIA)

In brief

1. Conducting a GDPR audit


2. Create a data log


3. Classify data


4. Assessing and documenting

Once you have put in place the four previous elements, you will have already made a good start on your compliance with the GDPR.

Here are the three next phases of your GDPR compliance :

Request for quote

What is the benefit of carrying out a GDPR audit ?

As a first step, it is necessary to understand the legal framework of the General European Data Protection Regulation. In order to be able to apply the rules of the GDPR, it is necessary to understand the legislation and the consequences of non-compliance.

The General Data Protection Regulation is the new reference text in the European Union regarding personal data.


With the explosion of digital technology, the emergence of new uses and the implementation of new business models, it has become necessary to harmonize European legal rules on the protection of personal data. This general European data protection regulation therefore applies to all member states of the European Union. It also applies to foreign companies that process the personal data of European citizens.


The GDPR aims to protect the personal data of internet users. Indeed, with the implementation of the GDPR, it is compulsory to obtain the prior consent of the persons concerned if the company wants to be able to collect their personal data.

Establish a GDPR audit

I understand the importance of GDPR compliance,

now I would like to receive training and undergo a GDPR assessment !

Discover our trainings
In brief

GDPR standards


The obligations under the GDPR

The General Data Protection Regulation imposes a number of obligations to be respected :


  • The principle of Accountability: this is the obligation for the company to make every effort to comply with the
  • Privacy By Design: this involves protecting personal data from the very beginning of a project to collect and process personal data
  • Keep a record of personal data processing.
  • Make data security in your company a top priority
  • Notify the CNIL in case of data leaks
  • Naming a DPO in some cases
  • Carrying out a privacy impact assessment (PIA) for each data processing operation
  • Inform company employees about GDPR and cybersecurity.
  • Make sure that your company’s subcontractors apply the GDPR if they have access to company data (personal data of your employees, customers, prospects, ).
Establish a GDPR audit

How to avoid the penalties incurred in case of non-compliance with the GDPR ?

In addition to the obligations set out in the GDPR, we recommend that you put in place the following elements in order to avoid any sanction from the CNIL and to ensure your compliance with the GDPR :


  • Establish a real protection of personal data
  • Be transparent to the data subjects : inform them about the purpose of the processing of these data
  • Have obtained the clear and precise prior consent of the persons concerned by the collection and processing of personal
  • Raise awareness and train your company’s staff on GDPR and cybersecurity.
  • Have a data backup plan in case of a data breach or cybersecurity attack, which will also provide evidence in the event of a data protection authority inspection.

To grant the data subjects by the processing of personal data rights :

  • Opposition: the data subject may object to the processing of his/her personal data
  • Rectification: the data subject must be able to have his or her personal data corrected if they are inaccurate or if the person’s situation has
  • Forgetting/erasing personal data
  • Access: the data subject must be able to have free access to information on the processing operations carried out on his personal


Video explanation

Are my GDPR tools compliant?

As the digital world is booming, data is circulating faster and faster, and this is also the case for the most sensitive data. Therefore, it is mandatory to protect the personal data of Internet users, your customers and prospects, but also your own staff! It is to protect these personal data that it is particularly necessary to comply with the General Data Protection Regulations.


Actecil supports you in your approach to GDPR compliance.

Watch the video

Other pages on GDPR and cybersecurity that may interest you

See all articles