info
Teamviewer
On 25 May, the new EU Data Protection Regulation (GDPR) will come into force, bringing a major update to administrative procedures. It will fundamentally change the rules under which a company can collect and manage data.
As a software company working in the fields of HR and security, DSK Systems is highly concerned by this regulation. Not only do we have to ensure that our own procedures comply with the new regulations, but we also have to adapt our software.
You have probably heard about the GDPR, as there are so many articles being released about it. Rather than being overwhelmed by this slew of information, we offer you 5 ‘tips’ that we have tested to help you prepare for the impending change.
Get informed!
Grow your knowledge through information conferences offered by the NCDP, but also through very well-made tools that provide you with a wealth of information at the click of a button. This includes the NCDP’s brochure on protection obligations, its preparation guide, which summarises how to best prepare yourself in 7 steps, and finally, the French CNIL’s website.
Involve your employees
The GDPR also impacts the rights of your employees. If they are involved from the start, they will be more receptive to the purposes of the data processing procedure and will provide you with essential help in drawing up the list of your processing operations (e.g. firewall logins, files received by the support department, details of calls on company mobile phones).
Find easy-to-use templates
In addition to the NCDP’s very comprehensive tools, there are also easier and more practical templates for the registering of processing operations on the CNIL website. If you are handling sensitive processing operations, you will further need to draw up Privacy Impact Assessments. Here again, the CNIL offers a simple PIA tool to help structure this effort.
Request a third-party opinion… at no extra cost
From 25 May, the NCDP’s role will be limited to that of validator. While different actors from the world of auditing services, HR, IT or lawyers can offer you services focused around the GDPR, there is another less expensive way: a GDPR audit, which shows you the points to improve, whilst allowing you to keep control of the implementation of necessary changes. And if you have specific questions, it is often possible to contact one of your service providers, in connection with the GDPR, to get their opinion at no extra cost.
Stay pragmatic
The purpose of the GDPR is to strengthen the rights of individuals, not to bankrupt you. Don’t focus too much on details, but rather think about how this data is useful to you. It may be worthwhile to think first about the impact that a loss or dissemination of data would have on the individuals concerned. If it is negligible, the priority of processing them remains low.
Think positive… the GDPR can also be a good opportunity to free up disk space and clean up your systems!
If you have any questions about the GDPR efforts at DSK Systems, please do not hesitate to contact us.