- Griet Verfaillie
- GDPR , privacy , documentation requirement , Data protection officer , data protection , privacy audit , Privacy Commission , personal data breach , DPO
News
In less than a year before the entry into force of the General Data Protection Regulation
(GDPR), it is time to take action.
In the meantime, we are already very well informed that the GDPR will be implemented in one
year, on 25 May 2018.
In our previous articles, which have been the subject of a special edition of our Newsletter, we
already gave detailed comments on the new obligations deriving from the GDPR and the consequences
that this entails.
However, although the time has come when the theory has to be put into practice, this may not be
the cause of stress.
We consider that privacy and the GDPR are rather an opportunity for companies in order to achieve a
healthy treatment of the personal data and make their business grow.
Companies should be preparing the processes of thier companies in order to be compliant with the
provisions of the GDPR.
1. How to prepare and comply with the GDPR?
This includes, among other things, that you:
- comply with the documentation requirement;
- develop action plans to comply with the notification requirement;
- take steps to actively educate your staff;
- appoint, if necessary, a data protection officer;
- carry out an impact assessment of data protection.
More information regarding what is currently expected from your company, you can check out our
articles on which you can click at the bottom of this article.
In order to provide a concrete response to the GDPR, it may be useful to start conducting a
privacy audit. This will allow companies to determine the weaknesses and how to treat them.
Once all existing processing operations, data flows and protection measures have been identified,
companies can take the next step to implement the necessary measures to fill up the gaps and find
appropriate solutions.
In the following months, the Privacy Commission will develop additional guidelines relating to
consent, the records of processing activities, transparency, and other matters.
We will keep you informed about developments so that you will be in a position to make the
necessary adjustments.
2. Conclusion
As mentioned earlier, it is time to take action, but there is no reason to be panic.
The privacy commission does not intend to immediately impose "monster fines". It is
expected that it will firstly sensitize and warn companies. Everbody benefits from a clear and
effective privacy protection, with the sanctions not being an end in itself.
Once the privacy policy within your company is up to date, compliance with the GDPR causes few
problems, and you will be able to look forward with confidence to the date of 25 May 2018.
Our articles on privacy and the RGPD can be consulted by clicking below:
Notification obligation of a personal data breach
Would you like to learn more about this subject?
Contact our experts or telephone +32 (0)2 747 40 07
Koen de Puydt
Partner
