Today, any European company, regardless of its size, has the obligation to comply with the GDPR. But where to start and how to set up an effective and easy to implement compliance programme?
This is what we discussed during our webinar on Wednesday November 18th 2020.
Since May 25th 2018, the General Data Protection Regulation (GDPR) regulates the processing of personal data within the European Union.
Ensuring optimal data protection at all times and being able to demonstrate this by documenting compliance has therefore become even more important for your company.
In order to meet this obligation, it is necessary for you to undertake a GDPR compliance program and to progress in your digital maturity.
How do you start your own GDPR compliance project?
Before starting your own project, you must ensure that you collect only the necessary personal data for your activity and you must also ensure the data is processed lawfully.
Once this task has been completed, you can think about implementing the following steps:
- Designate a pilot: a conductor to steer the governance of your data. Do you need to appoint a Data Protection Officer (or DPO)? Find out here.
- Set up a record of data processing activities including a data retention record
- Sort through the personal data you hold
- Secure the personal data you hold
- Set up a process to handle individual rights’ requests
- Document your compliance
- Train your employees
- Set up a process to report personal data violations to your local data protection authority when applicable.
What about making your website compliant?
This is not only a formal aspect but also affects your reputation. The first contact with a company is often made through your website. The website is the showcase of every company. Being transparent and providing clear and complete information is the basis to create a trusting relationship with the people whose data you process (users of your website, customers, prospects, suppliers, etc.).
What GDPR information do you need to have on your website?
– Privacy policy: mandatory whenever you process personal data in the context of your activity.
– Cookie policy: mandatory if you use cookies and/or similar other technologies on your website.
– Cookie consent banner: informs users of the presence of cookies on your website as well as their purposes, and allows users to accept or refuse non-essential cookies of their choice at any time.
What are the best tools to help you with your GDPR compliance?
You can use several tools.
Generic tools and guides provided by authorities:
National data protection authorities have published generic tools (e.g. the APD’ tools in Belgium, or those of CNIL in France) that give you an initial basis for compliance, and need to be filled in manually with the required information.
These are generic templates to be completed, requiring legislative oversight and regular updates from your side.
Specialised software
On one hand there are generic document templates common to all activities, and on the other hand there are technological tools, such as Admeet compliance solutions.
These solutions allow you to customise your policies based on the specific context of data processing activities within your company and offer you dynamic legal updates in relation to applicable legislative changes.
At Admeet, we offer B2B solutions that allow you to create:
- Privacy policy
- Cookie policy
- Cookie consent banners
- Consent management scripts to collect valid consent from your users on your website.
The solutions can be use even by non-experts and allow a significant time saving compared to traditional methods.
We promote a right balance between consumers’ rights and the needs of organisations. Behind personal data are individuals, and we are committed to upholding their rights.
We believe transparency of information is a fundamental value. We ensure the information provided to individuals is displayed in a clear format and intelligible language suitable for a general audience. Our layered policies have been developed according to the principle of “transparency by design” to facilitate easy access to information and can be easily integrated into corporate websites.