Conduct an internal audit of your data process
Before taking action, you need a clear picture of all the processes in place in your organization. You have to list them all, including the type of personal data concerned, the department and people who handle, process, store, access this data. The first step is therefore to analyse you current data security situation.
Efficy’s Solution : the GDPRank
Efficy will soon enable you to analyse, online and for free, your current situation. You will know to which degree your company is at risk concerning the GDPR compliance. By answering a few questions, you will be given a better picture of the measures you need to take to be fully prepared by May 2018. The GDPRank will soon be available here.
This step is crucial when it comes to GDPR compliance. At this stage, you need to come back to your audit and take an analytical look. The idea is to reduce the damage some data processes could cause. You need to identify the risks of each of your data processes and take action to reduce them.
Once you have come up with internal risk management processes, make sure you document them all to protect your organization in case of control by dedicated authorities.
Data Privacy Impact Assessment
In the coming months, Efficy will put into place its Data Privacy Impact Assessment service. It has to do with a consulting service provided by an expert in data protection. This expert will conduct an internal audit of your data process and make appropriate recommendations that will help your organization take the right decisions. The complete description of the service will soon be available here.
Finally, Efficy will also allow its customers to use what is called a Shared DPO (data protection officer), a consultant that will help your company from a technical point of view. You do not need a full-time DPO, this is why this shared consultant will bring flexibility, control and security to your company when it needs it the most. The description of the service will soon be available here.
Stored data needs to be checked regularly to ensure their up-to-date status. If this data is no longer used, a data suppression process must be implemented..
Efficy’s solution: Data Cleansing Service
A data cleansing subscription will soon be ready for clients willing to delete, archive all inactive, old-dated data. In that way, you guarantee data cleanliness and avoid any data breach. Discover soon this added-value service here.
Give access to data
In accordance with the GDPR, measures shall be taken to allow data subjects to access their personal data in order to edit, modify or even delete them.
Efficy’s solution: GDPR Direct Data Access (DDA)
Thanks to a secured data access, people subjected to the GDPR will be allowed to gain access to their personal data in order to edit, modify or delete their data or preferences. More information about this module will shortly be issued here.