Global Data Protection Regulation (GDPR)
The General data protection Regulation (GDPR) is effective since 25 may 2018. What have you done to actually protect the personal data you manage in your business after the "hype" of the first few months?
What do you really need to do?
The word "protect" should not only be taken literally, but refers to much more subject: access management (which has access to data), security (is my password procedure OK, is my network protected?), protecting the rights of People (how do they know that you have their data, and what you do with the data, protecting the privacy of your employees as they often use their professional PC to keep private photos. This is possible of course but you have to defines clear conditions....
There is so much personal data processing in a company that for Reflexy, the most important step Is the drafting of a comprehensive detailed inventory. We call it The GDPR Registry. More information's are included in this document, the better the GDPR directives can be understood by the employees and set up in your company . And only if we really know what you have as personal data that you can also decide to choose the right lawfulness between the 6 existing possibilities. This must be done for each treatment.
A very important element is also the rights of the people themselves. How can we conceive an optimal procedure if we does not really know witch software is used to processed the data, or according to which procedure ? Your data remains in Europe or not? Don't forget your back-up during this reflection. Didn't you ever use a Dropbox, One Drive or G Drive disk for backing up files? This is allowed of course but it will have an impact on communication to your customers...
Reflexy can help you.
Reflexy has Certified Data Protection Officers (DPO) from The Data Protection Institute in Mechelen. At Reflexy we focus on medium-sized organizations, SMEs, non-profit organizations, health professionals (physicians, dentists, physiotherapists).... Anyone who wants to get in order without having to spend a fortune.
Have you taken the step to really do something for the data protection in your company, association, practice, contact Reflexy today for a specific targeted support! We will first make a quick analysis of your GDPR needs, and this « Quick Scan » will serve as the basis for starting your Registry. This can take a short or long period of time, depending on the number of treatments. Once the list of all existing treatments is established, Reflexy can help manage the different aspects of the lawfulness, or security items, or information issues, the rights of data subjects, risk analysis, international transfer, etc. Always at your rhythm, within your budget.