Do you want to know what will change under the GDPR? Have a look at the website www.gdprbelgium.be. The most important new provisions are explained there. Moreover, we at Claeys & Engels pay frequent visits to this website to closely follow the new national legislation and/or regulations.
How can undertakings become completely “GDPR proof”? To this end, the following road map can be used:
Step 1: Map it!
Firstly, it is important that undertakings form a clear picture of all the data processing that takes place in their organisation, by country and by department (e.g., Sales or Marketing). All these processes must be thoroughly mapped. This can be done by means of a detailed questionnaire that gathers together information about, among others, the objectives, the period of preservation, the categories of processed data, if those data are transported to third countries, how data are protected.
Before you can start with this phase, it is best to appoint one or more responsible persons for this project. The answering of these questions will require team work and a good follow-up. Ideally, such a team should be composed of people from your Legal, HR and IT departments.
Step 2: Draw up an audit report!
On the basis of the answers given, a schematic report can be drafted in which the undertaking can immediately identify which areas are under control and which issues still need to be tackled.
Step 3: Draft the necessary documents and policies!
On the basis of the information that the report provides, the required documents and policies can be drafted. These might include the privacy notice, whether or not with permission, agreements with processors, standard contractual clauses for the transfer of data to third countries, the new register for processing, an ICT policy, a camera policy, a whistle-blower policy, a procedure in case of data being lost (data breach).
Step 4: Ready to implement!
Finally, the project must be spread out over the entire undertaking. Training will be crucial, tailored to the activity of the undertaking.
If you have not yet started with this, do note that time is pressing, given that each of the four steps is quite time-consuming.
We wish you good luck with this. The Claeys & Engels data protection team is always ready to assist you with this, together with our European colleagues of Ius Laboris.