We work in 4 parts to guide businesses and organizations toward 100% GDPR compliance:
Part 1: Purpose of your business or organization
Here we discuss what your company actually does, which business activities it carries out, and how personal data flows in, where it is stored, who can view it and where else it is distributed.
We also look at whether there is a risk of data breaches, how likely they are, and the damage they could cause, both financially and to the organization’s reputation.
Part 2: Preparation of the processing register
By creating the processing register, we get a clear picture of which data is being processed, how it is stored and whether it is transferred.
This identifies all business or processing activities, determines the legal retention period for each category of personal data, and considers whether this information is held inside and/or outside the EEA and whether there are any other recipients.
For certain activities, a risk analysis may be carried out to determine whether the processing of this data poses a risk and whether additional technical and organizational measures should be taken.
Part 3: Raising awareness and contacting processors
It is not enough to get your own organization in order: if your subcontractors, customers or suppliers cannot guarantee the security of the personal data they process, you are still nowhere.
As part of the GDPR guidance, we ensure that all organizations that process personal data originating from your company or organization are listed, contacted and monitored.
The necessary documentation is created, such as:
The processor agreement
A privacy statement
The data breach registry
A procedure in case of data breaches
ICT implementation, such as an SSL connection, cookies and 2FA
General information for staff, and so on
Part 4: Monitoring and follow-up
A GDPR manual is the guide to securing your customers’ personal data, but every company or organization experiences staff turnover or implements new software. It is therefore necessary to perform an annual check of whether, for example, access codes were changed in a timely manner.
An IT scan in accordance with ISO 27001 remains a must for every organization, so that even hidden searches can be found: who still has access to which data, and has your connection been used for dark web access, for example?
E-marketing is an ever-changing form of communication, and every employee needs to be aware of it and think about data minimization, all within a clean-desk environment.