Mise en conformité RGPD - GDPR Compliance

RGPD stands for Règlement général sur la protection des données, the French equivalent of GDPR.

Guidance on GDPR compliance

The General Data Protection Regulation (GDPR) has profoundly disrupted the legal framework applicable to data protection throughout the European Union since May 2018.

As part of the compliance process, companies are required to change their organization, processes, business management, information system and communication policy.

The firm has created a 4-step method, with a risk-based approach.

 

Your benefits

  • contain the risk of non-compliance with GDPR
  • enhance the value of your data assets
  • maintain your competitive edge and make compliance a driver for your business

Your guarantees

  • a pragmatic and transversal risk-based approach, prioritized according to the company’s size, the specifics of its activity and its business constraints
  • guidance based on a tested, operational 4-step method
  • recognized legal and technical expertise (Florence Ivanier is a DPO certified by the University Paris Dauphine, 2019)
  • the firm is an external DPO, appointed by several groups to the CNIL (the French regulator)

Our 4-step method

1. Transversal evaluation

  • personal data mapping
  • identification of the applicable qualification: controller, joint controller or processor
  • evaluation of the technical and organizational measures taken with respect to personal data processing

Deliverables: evaluation – list of GDPR compliance deviations

2. Setting up a roadmap

  • roadmap
  • arbitration with the company’s representatives
  • prioritization according to the risk, the size of the company and its business constraints

Deliverable: prioritized roadmap

3. Accountability

  • assistance in the choice of a compliance software, if needed
  • applicability of a Privacy Impact Assessment
  • drafting of the compliance deliverables required by GDPR

Deliverables:

  • register of the processing operations
  • privacy policy
  • cookie policy
  • information notices
  • IT charter
  • privacy by design and by default compliance of the company’s commercial offers
  • assistance in the implementation of a Privacy Impact Assessment (PIA)

4. Deployment of compliance measures

  • awareness raising on data protection among the company’s employees
  • retention time workshop
  • implementation of new governance rules
  • data breach detection process; incident management process
  • management of data subjects’ rights (access, rectification, deletion, portability, etc.)
  • consent management (cookies, opt-in)