Getting GDPR in order

Getting GDPR in order

Want to take your organization, your business, non-profit or healthcare service to the next level by implementing all GDPR or Privacy regulations? Then you can continue online with dpo associates. Applying the privacy rules is a matter not easily mastered by everyone, and the legislature is also particularly cumbersome about it.

That we had to be in order since May 25, 2018 is widely known, but where to start? What should be taken into account?

DA specialized to apply GDPR using Privacy by Design or data protection by design. This means ensuring optimal security in every processing of personal data, both in your office and in the online applications used to identify your organization.

How to get GDPR compliant online?

To get your GDPR File in order, we begin with an exploratory conversation. That way we can get to know each other and see what steps have already been taken.

Once everything is clear, a quote can be prepared to take your organization toward 100% compliance. We say focus the 100% because data is alive and an organization is always in flux. Thus, there are always changes internally regarding personnel or applications, and the GDPR File will become a file that is always subject to those changes.

Upon agreeing to the quote, we can begin!


It is important that both management and all staff be properly educated on the applications of privacy rules. Old habits like just giving documents to third parties or writing down login codes on a post-it bill and then attaching it to the bottom of a keyboard.

The whole team is going to become aware of how to deal with free Wifi connections and find it normal to use a unique password on their own mobile devices or laptops.

The processing register

After the initial interview, we will go over the organization with a questionnaire. The answers to this questionnaire will give us clarity on the following topics;

  • The purpose of processing
  1. Administration of staff and intermediaries

Recruitment and selection of staff and intermediaries. Administration of salaries, fees, commissions and wages. The application of social legislation.

2. Management of staff and intermediaries

Evaluation and follow-up of staff and intermediaries. Training and career planning.

3. Work planning

Task planning and follow-up, workload and performance.

4. Workplace control

Monitoring professional activity in the workplace via camera or computer systems such as monitoring emails, Internet usage, telephone,…

5. Customer Management

Client administration, management of orders, deliveries, billing for tangible and intangible services. Tracking solvency. Personalized marketing and advertising. Registering the clientele of a commercial business and profiling them based on purchases.

6. Combating fraud and customer violations

These are activities by which such acts can be prevented and detected.

7. Managing disputes

Management of disputes, including reimbursement of amounts to be claimed.

8. Supplier Management

Supplier administration. Management of specified orders, payment of suppliers. Prospecting potential suppliers and their evaluation.

9. Collection of donations

The records of an association’s donors. Prospecting new donors.

10 Public relations

This includes creating goodwill for the organization.

11 Technical-commercial information

The analysis of competitors and possible trading partners

12 Registration and administration of shareholders or partners

Maintaining a register of shareholders or partners. Administration of financial and other benefits due them.

13 Membership Administration

The records of members, volunteers and sympathizers of an association.

14 Security

Processing personal data to ensure the safety of persons or property. Please note that surveillance cameras are basically subject to the Act of March 21, 2007 regulating the placement and use of surveillance cameras (the Camera Act) and may not be declared through the current form.

15 Managing disputes

Managing own disputes by natural persons or private or public legal entities.

16 Protection of society, own sector or organization

Processing data concerning individuals who present a specific risk.

17 Taxes

The collection of taxes and activities related to them. Registering taxpayers, calculating, collecting and tracking taxes.

18 Grants

Grant making and related activities. Investigating beneficiaries, calculating, disbursing and following up on grants.

19 to 1.65

  • Purposes of governments
  • Justice and police purposes
  • Purposes of education
  • Purposes of culture and welfare
  • Purposes of social security
  • Purposes of health care
  • Scientific research
  • Banking, credit and insurance
  • Commerce
  • Other specific purposes

The categories of processing

1. Personal identification information.

Name, address, phone number, …

2. Identification data other than the national register number

Passport number, driver’s license number, pension number, license plate, …

3. Electronic identification data

4. Electronic localization data

5. Biometric identification data

6. to 82

  • Financial details
  • Personal characteristics
  • Physical data
  • Living habits
  • Psychological data
  • Composition of the family
  • Leisure activities and interests
  • Memberships
  • Judicial data
  • Consumption habits, health, heredity, …
  • Training and education
    • Profession and job
    • National registry number
    • Racial or ethnic data
    • Sexual life data
    • Political views
    • Trade association membership
    • Philosophical or religious beliefs
    • Image recordings, sound recordings

Processing grounds

1.DA finds out on what processing grounds the information may be processed such as consent.

2. A contractual agreement

3. A legal obligation

4. Whether it is of Vital Importance

5. A task of public interest

6. The legitimate interest

Technical and organizational measures

DA goes through the use of an IT Audit according to the
ISO27001 standards
uncover the current security of personal data in an organization and recommend additional solutions.

1. Cryptography

Systems are encrypted or scrambled

2. Physical security

Cabinets and doors containing personal data are locked or equipped with camera surveillance or alarm systems such as cabinets in the HR department.

3. Operational safety

Personal data is processed securely and destroyed when necessary.

4. Communication security

Electronic communications such as e-mail are provided with appropriate security measures.

5. System acquisition, development and maintenance.

Software systems are equipped with the necessary security measures to secure the information.

6. Supplier and processor relationships.

Were appropriate contracts entered into with processors?

7. Security incident and data breach management

Are systems in place to detect data breaches and procedures provided to report security threats?

8. Business Continuity Management

Potential threats should be identified and what the impact would be on the organization.

9. Compliance & Accountability

Regularly check for GDPR compliance.

iReto prepares a complete GDPR Dossier that allows any organization to pass a government audit and confirms optimal personal data security.

Hand over the GDPR obligations and DPO associates will become the communication link between your organization and the government.