How to comply with the GDPR?


My compliance is an added value,
a quality standard!


Are my GDPR tools compliant?

As the digital world booms, data circulates faster and faster, including the most sensitive data. It is therefore mandatory to protect the personal data of Internet users, your customers and prospects, but also your own staff! Protecting this personal data is precisely why it is necessary to comply with the General Data Protection Regulation.

Actecil supports you in your approach to GDPR compliance.


What are the steps involved in carrying out a GDPR audit?

  • Designate a leader
  • Identify your processing operations
  • Prioritize actions to be taken
  • Identify and manage risks
  • Organize internal processes
  • Document compliance

What is the benefit of carrying out a GDPR audit?

As a first step, it is necessary to understand the legal framework of the European General Data Protection Regulation. To apply the rules of the GDPR, you need to understand the legislation and the consequences of non-compliance.

The General Data Protection Regulation is the new reference text in the European Union regarding personal data.

With the explosion of digital technology, the emergence of new uses and the implementation of new business models, it has become necessary to harmonize European legal rules on the protection of personal data. The regulation therefore applies to all member states of the European Union. It also applies to foreign companies that process the personal data of European citizens.

The aim of the GDPR is to protect the personal data of Internet users. Indeed, with the implementation of the GDPR, it is compulsory to obtain the prior consent of the persons concerned if the company wants to be able to collect their personal data.


GDPR standards

The obligations under the GDPR

The General Data Protection Regulation imposes a number of obligations to be respected:

  • The principle of Accountability: this is the obligation for the company to make every effort to comply with the
  • Privacy By Design: this involves protecting personal data from the very beginning of a project to collect and process personal data
  • Keeping a register of the processing of personal data
  • Make data security in your company a top priority
  • Notify the CNIL in case of data leaks
  • Naming a DPO in some cases
  • Carrying out a privacy impact assessment (PIA) for each data processing operation
  • Informing company employees about the GDPR
  • Make sure that your company’s subcontractors apply the GDPR if they have access to company data (personal data of your employees, customers, prospects, ).

What is the approach to be taken to achieve GDPR compliance?

All organizations (private companies, public companies, associations, …) handling personal data concerning European citizens must comply with the GDPR.

Here is the procedure to follow to start your GDPR compliance:

  1. Conduct a GDPR audit
  2. Create a data log: this log keeps track of the entire compliance process, so it is essential to keep it up to date as you move forward with your GDPR compliance
  3. Classify data: classifying your data will allow you to understand what data to protect and how to protect it according to its
  4. Assess and document the risks of data collection on the privacy of data subjects by carrying out a Privacy Impact Assessment (PIA)


Once you have put in place the four previous elements, you will have already made a good start on your compliance with the GDPR.

Here are the next three phases of your GDPR compliance:


How to avoid the penalties incurred in case of non-compliance with the GDPR?

In addition to the obligations set out in the GDPR, we recommend that you put in place the following elements in order to avoid any sanction from the CNIL and to ensure your compliance with the GDPR:

  • Establish a real protection of personal data
  • Be transparent to the data subjects: inform them about the purpose of the processing of these data
  • Have obtained the clear and precise prior consent of the persons concerned by the collection and processing of personal
  • Raise awareness and train your company’s staff on GDPR
  • Have a data backup plan in case of a security breach, this will also provide evidence in the event of a CNIL

Grant the data subjects concerned by the processing of personal data the following rights:

  • Opposition: the data subject may object to the processing of his/her personal
  • Rectification: the data subject must be able to have his or her personal data corrected if they are inaccurate or if the person’s situation has
  • Forgetting/erasing personal data
  • Access: the data subject must be able to have free access to information on the processing operations carried out on his personal
