A little over two years have passed since the GDPR came into effect; two years is both very short and very long. Very short for successfully implementing the organisational, technical and legal transformations needed for compliance, and yet very long with its share of new data, new tools, new processes and stakeholders.

In short, two years is the ideal time to refresh your awareness of GDPR and review your compliance and the steps needed to achieve it.

And while this may seem daunting or painful, it is important to remember that, beyond being a legal obligation, compliance with the data protection regulation supports the sound development of a company's digital activities.

The implementation of practices, tools, and processes for GDPR compliance should be seen as an opportunity, and it is in this spirit that we offer you 5 steps to strengthen your compliance.

1. Audit the existing situation 

To begin GDPR compliance, it is advisable for any organisation, whether a small or large business, to conduct an audit of their current situation.

This will allow you to identify, among other things:

  • the practices in place
  • the stakeholders involved in data processing
  • the categories of data processed
  • the purpose pursued and the people or departments accessing the data
  • the data sources and media
  • the current privacy policy
  • how consent is managed

Our advice: draw up a checklist for your audit and revisit it regularly to verify that new tools, collaborators or practices have been correctly identified.

2. Compile a register of processing activities 

The second step is to draw up a record of processing activities, required of any organisation processing personal data under Article 30 of the GDPR (Article 30(5) exempts organisations with fewer than 250 employees, but only where the processing is occasional, is unlikely to pose a risk to the rights and freedoms of data subjects, and involves no special categories of data; in practice almost every business falls outside that exemption for at least some of its processing).

This register, maintained under the responsibility of the company as data controller, provides an overview of all of the company's files and processing operations and brings together, for each activity that collects or processes personal data, the following information (source: CNIL):

  • the stakeholders involved in the processing, internally or externally
  • the categories of data processed
  • the purpose for which the data is used
  • who accesses the data and to whom it is disclosed
  • how long the data is retained
  • how the data is secured

Our advice: use the register template provided by the CNIL, which will help you be as exhaustive as possible: https://www.cnil.fr/sites/default/files/atoms/files/registre_rgpd_basique.pdf

3. Map and sort your data 

Data mapping is an essential step, not only for complying with the GDPR but also for gaining a clear understanding of your data capital, your black gold: what data do you hold, do you actually use it, and what value does it bring you?

Data mapping gives you an overview of your data, with, for each item collected, a description of its composition, its purpose and the processing carried out on it.

This mapping is your best ally for optimising your data processing practices as well as your compliance with GDPR.

You will then be able to determine whether the data collected, and its level of detail, is actually necessary for the running of your business, and sort it into data you may keep collecting, data you must stop collecting, and data you should collect in a reduced form (an age band rather than a full date of birth, for example).

To do this, ask the following questions about the data you hold:

  • Is the data processed necessary for my activity?
  • Does it include sensitive data (the special categories of Article 9)? If so, which additional conditions apply?
  • Who has access to this data?
  • What is the retention period?

Our advice: use this mapping to implement a Privacy by Design and Privacy by Default approach (Article 25), limiting the data collected and its granularity as far as possible; that is the key to moving to smart data that is fully GDPR compliant.

4. Respect the rights of individuals

GDPR compliance requires clear and transparent communication about why data is collected and processed. To this end, each time personal data is collected, you must specify, among other things:

  • the purpose of the collection
  • the legal basis that authorises you to process the data
  • the parties with access to the data
  • the retention period
  • how the data subjects can exercise their rights
  • any transfer to a country outside the EU and the safeguards that maintain the level of protection
  • …

Consent is one of the six legal bases of Article 6, and certain processing operations will require it from the people concerned. Where you rely on it, consent must be freely given, specific, informed and unambiguous, and you must be able to demonstrate that it was obtained (Article 7).

The GDPR strengthens the rights of individuals, granting them several entitlements that give them greater control over what is done with their data:

  • the right of access
  • the right to rectification
  • the right to object
  • the right to erasure
  • the right to data portability
  • the right to restriction of processing

Our advice: for readability, provide a first level of information directly on the collection form and go into detail in the privacy policy you send to, or link for, the contact.

To handle requests from contacts about their data efficiently and on time (within one month of receipt under Article 12(3), extendable by two months for complex requests), automate the processing of these requests as far as possible. Solutions such as SmartProfile offer APIs to handle all or part of them. Whatever the tooling, verify the identity of the requester before disclosing or deleting anything (Article 12(6) allows you to ask for additional information to confirm it), and keep a log of each request and its outcome.

5. Secure your data

Taking the necessary steps to ensure data security is one of the most strategic points of GDPR compliance. Securing personal data guarantees its confidentiality, integrity and availability, by minimising the risks of unauthorised access, alteration or loss (Article 5(1)(f) and Article 32).

This approach requires measures that are both technical (access control, encryption, backups, logging) and organisational. Raising awareness and training the employees who handle data are also key elements of data security.

Security involves a large number of stakeholders in the company's ecosystem, both internally across departments and externally. It is therefore essential, during the audit, to correctly identify all stakeholders and the practices in place, so that they can be improved.

Our advice: ask your suppliers and partners (your processors) about their data protection policy, check that your contract with each of them contains the terms required by Article 28, and make sure your data is hosted on secure infrastructure within the EU (or under an appropriate transfer safeguard) with regular, tested backups.

GDPR Infographic

Beyond legal obligations, defining a data protection policy is now essential to ensure an ethical and transparent approach to the collection and processing of data concerning the stakeholders involved. This approach will allow you to build long-term trust with your clients and, more generally, with your employees and partners.
