Step 1: Create a ‘data protection team’
Identify within your company who will be part of the team that will be responsible for the preparation. Make sure that the team is multidisciplinary (HR, IT, Legal, others?). Make sure to provide sufficient resources and training!
Step 2: Map it!
First and foremost, it is important to map the various data flows and to verify which data is being processed, for what purpose, how long the data is retained, whether the company acts as the party responsible for the processing (controller) or as processor, and so on. After all, each of these questions has consequences for what is needed in the context of compliance (step 3).
Our data protection team has put together a questionnaire which may help you to ask the right questions.
Step 3: Compliance with GDPR
Based on the mapped information, the following steps can be prepared, such as:
- Determine the legal basis for each processing activity and put together a list of the processing activities
- Update security measures
- Update the privacy notice and agreements with processors
- Determine the legal ground for the international data flow and potentially develop or revise suitable contractual mechanisms
- Designate a “data protection officer”?
- Modify and/or develop specific policies (e.g. ICT policy, track & trace policy, camera policy, ...)
The Claeys & Engels data protection team is completely ready for the GDPR and is eager to assist you to make your company “GDPR proof” as well!