0:00 / 0:00

Stéphane Secco

The GDPR, a real challenge

April 10, 2018

The General Data Protection Regulation (GDPR), in the face of digitalisation and the inflation of the market value of data, is a real challenge for companies to protect personal data. Its implementation requires considerable financial and human effort.

Do they not say that to reach a goal, it is better to join forces? The GDPR is no exception to the rule. The scope of this regulation 2.0 is so wide that we cannot neglect any sector.

Effective compliance requires a non-exhaustive set of actions. A logical sequence of steps could be:

1. Analyze
Compliance begins with an internal audit of all the processing of personal data. The use of an external auditor is also an alternative in order to be guided and supervised.

2. List
As an inventory, a register will have to list:
• Each processing of personal data and the categories of data processed;
• the purposes of the treatment;
• the actors of the treatment;
• Origin and flows for the identification of non-EU transfers.

3. Organize
Organization and governance are the key words. In order to give the desired dynamic, all the actors of the company must be involved in the project. A reorganization of the business lines is required to incorporate the new imperatives, such as the creation of a new actor, the "data protection officer".

4. Supervise
A real coaching is required because:
• Only the necessary data can be processed;
• Treatment must have a legal basis;
• Subcontractors must be properly supervised;
• The persons concerned must be able to exercise the rights conferred on them;
• Security measures must be put in place.

5. Mitigate
Each processing of personal data that constitutes a risk for the rights and freedoms of individuals must be the subject of a prior risk analysis.

6. Evolve

From now on, “by design”, every project will have to protect the data. Companies will have to raise their employees' awareness, adapt their business processes and manage the exercise of the rights of the people concerned.

According to the Larousse definition, to conjugate is to "join things together, associate them".

We believe that, with its experience and expertise in the field, CTG PSF's GDPR team can be an effective partner to combine the compliance efforts of Luxembourg companies.

From left to right: Isabel Subirats Alvarado (Data protection consultant), Mathieu Born (data protection consultant), Olivier Destenay (business line manager test) and Sonia Ziane (data protection consultant) in CTG Luxembourg PSF.

(Photo : CTG Luxembourg PSF)

By Camille Titolet

First Job as Consultant?

Have you set your mind on your very first job? Welcome to CTG. We have already helped many school leavers take their first professional steps. What can you expect from us? A lot of interesting and challenging opportunities and the necessary training to learn as much as you can in a short period of time. That way you can really boost your career.

How we'll support you

Copyright © 2019 by Computer Task Group, Inc. All rights reserved.
Cookie Policy | Sitemap | Privacy & Security