Located in one or more EU countries, your company is subject to national laws regarding the protection of personal data.
The GDPR harmonizes and simplifies these standards:
Non-application of the GDPR: financial sanctions up to 4% of annual global turnover, or € 20,000,000
Should we fear the fine? No, you just have to comply, it's not that complicated.
Beyond the fine, the image of the company is at stake. A loss of confidence can have significant negative repercussions.
This law has an impact on companies and public bodies as regards the management of data for their customers or users. This law concerns all European data management by companies all over the world.
What changes for your company?
We offer to list the different actions for your service providers and we offer our services for all the set-ups.
1st action: List the actions carried out and inform your customers, workers, partners and service providers
Classification of information to identify the personal data processed and stored by your company, as well as that of your partners, service providers or subcontractors, according to several axes related to your information:
- Their identification: by what procedure and for what purpose do you collect personal data?
- Their marking: how long do you keep them for? How to identify them?
- Their classification: storage according to their level of sensitivity.
- Creation of documents listing the procedures: Objective, Treatment, Conservation, Deletion, Risks, Incident.
- Setting up notifications : on your paper documents, website and in your establishments.
- Procedure in the event of an incident: Inform the data protection authority and customers in the event of theft or hacking.
- Implementation of deletion: possibility of requesting sending to another company or deleting data.
- Study of technical automation solutions: Data Loss Prevention software for large structures.
- DPO: Appoint a data protection officer in structures with more than 250 employees or administrations.
2nd action: Verification of security procedures
You must secure your data to avoid incident procedures which can seriously damage your corporate image. Obviously good security costs a lot of money but preventive measures such as the use of passwords, encryption and the implementation of basic security avoid 98% of the risks.
3rd action: Validation of procedures at legal level
Have the general conditions and notifications checked by a lawyer to validate the procedures put in place.
What measures are necessary to set up a truly Privacy by Design service?
You have to ask yourself the right questions from conception:
- What information to retrieve?
- Why do you need it?
- What do you plan to do with it?
What are the marketing and technical consequences?
Consequences on your marketing:
- Improved customer confidence
- Easy procedure in the event of a request for deletion
Technical consequences:
- Creation of a file and implementation of a procedure
