We work in 4 parts to guide companies and organizations towards 100% GDPR compliance:
Part 1: Purpose of your company or organization
Here we discuss what your company actually does, which business activities apply, how personal data flows in, where it is stored, who can view it and where it can be distributed again.
We also look at whether there is a risk of data breaches, how likely they are, and the damage they may cause to the organization, both financially and in terms of reputation.
Part 2: Preparation of the processing register
By drawing up the processing register, we get a clear picture of what data is being processed, how it is stored and possibly passed on.
In this way, all business or processing activities are mapped and the legal retention periods are determined per category of personal data, along with whether this information is located within and/or outside the EEA and whether there are other recipients.
For certain activities, a risk analysis can be carried out to see whether processing this data poses a danger and whether additional technical and organizational measures must be taken.
Part 3: Raising awareness and contacting processors
It is not enough just to get your own organization in order, because if your subcontractors, customers or suppliers cannot guarantee the security of the processing of personal data, you are getting nowhere.
In the GDPR guidance we ensure that all organizations that process the personal data coming from your company or organization are listed, contacted and checked.
The necessary documentation is created, such as:
The processor agreement,
A privacy statement,
The data breach register,
Procedure for data breaches,
IT implementation such as an SSL connection, cookies, 2FA,
General information for staff, …
Part 4: Control and follow-up
A GDPR manual is the guideline for protecting the personal data of your customers, but every company or organization has staff turnover or implements new software. It is therefore necessary to perform an annual check of whether, for example, access codes have been changed in time.
The IT Scan according to ISO 27001 remains a must for every organization so that hidden searches can also be found. Who still has access to which data, and was your connection not used for access on the dark web, for example?
E-marketing is an ever-changing form of communication that every employee should be aware of, and every employee should think about data minimization in a clean desk environment.