In the face of digitalisation and the rising market value of data, the General Data Protection Regulation (GDPR) presents companies with a real challenge in protecting personal data. Its implementation requires considerable financial and human effort.
Do they not say that to reach a goal, it is better to join forces? The GDPR is no exception to the rule. The scope of this regulation 2.0 is so wide that no sector can be neglected.
Effective compliance requires a non-exhaustive set of actions. A logical sequence of steps could be:
Compliance begins with an internal audit of all processing of personal data. Using an external auditor for guidance and supervision is also an option.
As an inventory, a register will have to list:
• each processing of personal data and the categories of data processed;
• the purposes of the processing;
• the parties involved in the processing;
• the origin and flows of the data, in order to identify non-EU transfers.
Organization and governance are the watchwords. To create the desired momentum, everyone in the company must be involved in the project. The business lines need to be reorganized to incorporate the new imperatives, such as the creation of a new role, the "data protection officer".
Real coaching is required because:
• Only the necessary data can be processed;
• Processing must have a legal basis;
• Subcontractors must be properly supervised;
• The persons concerned must be able to exercise the rights conferred on them;
• Security measures must be put in place.
Each processing of personal data that poses a risk to the rights and freedoms of individuals must be the subject of a prior risk analysis.
From now on, every project will have to protect data “by design”. Companies will have to raise their employees' awareness, adapt their business processes and manage the exercise of the rights of the people concerned.
According to the Larousse definition, to conjugate is to "join things together, associate them".
We believe that, with its experience and expertise in the field, CTG PSF's GDPR team can be an effective partner to combine the compliance efforts of Luxembourg companies.
From left to right: Isabel Subirats Alvarado (data protection consultant), Mathieu Born (data protection consultant), Olivier Destenay (business line manager test) and Sonia Ziane (data protection consultant) at CTG Luxembourg PSF.
(Photo: CTG Luxembourg PSF)
By Camille Titolet