Privacy and the GDPR in your company

It is time to take action

News In less than a year before the entry into force of the General Data Protection Regulation (GDPR), it is time to take action.

In the meantime, we are already very well informed that the GDPR will be implemented in one year, on 25 May 2018.

In our previous articles, which have been the subject of a special edition of our Newsletter, we already gave detailed comments on the new obligations deriving from the GDPR and the consequences that this entails.

However, although the time has come when the theory has to be put into practice, this may not be the cause of stress.

We consider that privacy and the GDPR are rather an opportunity for companies in order to achieve a healthy treatment of the personal data and make their business grow.

Companies should be preparing the processes of thier companies in order to be compliant with the provisions of the GDPR.

1.    How to prepare and comply with the GDPR?

This includes, among other things, that you:

  • comply with the documentation requirement;
  • develop action plans to comply with the notification requirement;
  • take steps to actively educate your staff;
  • appoint, if necessary, a data protection officer;
  • carry out an impact assessment of data protection.

More information regarding what is currently expected from your company, you can check out our articles on which you can click at the bottom of this article.

In order to provide a concrete response to the GDPR, it may be useful to start conducting a privacy audit. This will allow companies to determine the weaknesses and how to treat them.

Once all existing processing operations, data flows and protection measures have been identified, companies can take the next step to implement the necessary measures to fill up the gaps and find appropriate solutions.

In the following months, the Privacy Commission will develop additional guidelines relating to consent, the records of processing activities, transparency, and other matters.

We will keep you informed about developments so that you will be in a position to make the necessary adjustments.

2.   Conclusion

As mentioned earlier, it is time to take action, but there is no reason to be panic.

The privacy commission does not intend to immediately impose "monster fines". It is expected that it will firstly sensitize and warn companies. Everbody benefits from a clear and effective privacy protection, with the sanctions not being an end in itself.

Once the privacy policy within your company is up to date, compliance with the GDPR causes few problems, and you will be able to look forward with confidence to the date of 25 May 2018.

Our articles on privacy and the RGPD can be consulted by clicking below:

Notification obligation of a personal data breach

The Data Protection Officer (DPO)

The EU-US Privacy Schield

How to exercise your right to be forgotten?

Would you like to learn more about this subject?

Contact our experts or telephone +32 (0)2 747 40 07
Koen De Puydt

Koen De Puydt