Step-by-step Guide – GDPRWise – GDPR compliance software solution for the SME

This is a step-by-step guide for the individual company on how to get the most out of GDPRWise and get its GDPR in order as effectively as possible.

If you are a reseller, we have created a dedicated runbook for you, and you can download it here.

Although you can tackle things in any order, we suggest you follow the 5 steps below to get your GDPR in order using GDPRWise. There is no need to tackle all 5 in one sitting. Feel free to take your time, reflect and refine where needed before pushing the generate policy button 🙂

 

GDPRWise Guide

1. List all processes that handle Customer data

In “My Customer Dossier” you should list all the interactions with your customer (we call those processes) that handle personal data. By doing so, you can communicate to your customers what personal data of theirs you use and why, and give them confidence that their data is handled with care.

Based on your sector, we have already added the processes and systems we are pretty sure you are running, and we suggest some more at the bottom for you to consider adding. We suggest you open up the software you use day to day to interact with your customers to make sure you don’t overlook anything.

2. List all processes that handle Staff data

In “My Staff Dossier” you should list all the processes that handle personal data. By doing so, you can communicate to your staff what personal data of theirs you use and why, and give them confidence that their data is handled with care.

Even if you do not have any staff, do have a look at our suggestions in the Consider Adding section so you do not overlook anything. For example, you might want to add interactions with independent contractors or company officers, which also process personal data.

3. List all processes where you share data with Third Parties

Oddly enough, you share more data than you might realise. On a daily basis your company collaborates with others (suppliers, contractors, accountants, lawyers etc.), and in doing so you share personal data.

List all processes where your firm takes the initiative to share personal data and capture the details of the Third Party you are sharing the data with. GDPR requires that all sharing of personal data is documented and that both parties agree to handle the data in a GDPR compliant manner. If you allow it, GDPRWise can send out a request for the Third Party to agree to a standard data sharing agreement for the process you captured, to cover off this requirement.

4. Results! Download your privacy policies

Once your GDPRWise dossiers accurately reflect the reality of processes and data items within your firm, you can go to the GDPR Documents section and generate your privacy policies; well done you!

When you subsequently make changes to your dossier, the policy Generate button will turn orange again to alert you that you should generate a new version. Don’t worry, all previous versions are stored for you and are only a click away. Similarly, we will alert you if we make changes to the document template due to changes in the regulatory landscape.

We recommend you generate your GDPR Register to discuss with colleagues and validate its accuracy and completeness. If the regulator approaches you, this is likely the first document they will ask for.

5. Publish & Reference your policies

GDPR insists on you having a documented privacy policy SO YOU CAN USE IT TO INFORM PEOPLE. Before people do business with you, they should be able to consult your privacy policy and decide if they are willing to share their personal data with you. So publish your privacy policies and make reference to them in your communications. The preview of the policies has guidelines on how to implement those policies.

We also recommend you send a mailing to your customers to inform them that you value their privacy and have a new and improved privacy policy in place. Feel free to give GDPRWise some credit 🙂

6. Security & Rights

Yes, we did say 5 steps, but that was to get to your all-important GDPR documents. We just want to stress again that GDPR also requires your firm to handle personal data in a secure manner AND GDPR gives a number of rights to your data subjects; the privacy policy you generated states your firm does exactly that. So do consult our knowledge base on those two topics or seek professional help (we can refer you if needed) to ensure your firm is meeting those requirements as well.