Step-by-step Guide – GDPRWise – GDPR compliance software solution for the SME
This is a step-by-step guide for the individual company on how to get the most out of GDPRWise and get its GDPR in order as effectively as possible.
If you are a reseller, we have created a dedicated runbook for you, and you can download it here.
Although you can tackle things in any order, we suggest you follow the 5 steps below to get your GDPR in order using GDPRWise. There is no need to tackle all 5 in one sitting; feel free to take your time, reflect and refine where needed before pushing the generate policy button 🙂
1. List all processes that handle Customer data
In “My Customer Dossier” you should list all the interactions with your customers (we call those processes) that handle personal data. By doing so you can communicate to your customers what personal data of theirs you use and why, and give them confidence that their data is handled with care.
Based on your sector, we have tried to add the processes and systems we are pretty sure you are running, and we suggest some more at the bottom for you to consider adding. We suggest you open up the software you use day to day to interact with your customers to make sure you don’t overlook anything.
2. List all processes that handle Staff data
In “My Staff Dossier” you should list all the processes that handle personal data. By doing so you can communicate to your staff what personal data of theirs you use and why, and give them confidence that their data is handled with care.
Even if you do not have any staff, do have a look at our suggestions in the Consider Adding section so that you do not overlook anything. For example, you might want to add interactions with independent contractors or company officers, which also process personal data.
3. List all processes where you share data with Third Parties
Oddly enough, you share more data than you might realise. On a daily basis your company collaborates with others (suppliers, contractors, accountants, lawyers etc.) and in doing so you share personal data. Similarly, you are probably using a few cloud-based software solutions to help you run your firm: to manage your sales pipeline, your invoicing, your appointments or reservations etc. Because the data you record on those systems resides on the software provider's servers, you are in effect sharing data with those parties.
List all processes where your firm takes the initiative to share personal data and capture the details of the Third Party you are sharing the data with. GDPR requires that all sharing of personal data is documented and that both parties agree to handle the data in a GDPR-compliant manner. If you allow it, GDPRWise can send out a request for the Third Party to agree to a standard data sharing agreement for the process you captured, to cover off this requirement.
We have created a dedicated knowledge base item to help you with this step. Check it out here.
4. Results! Download your privacy policies
Once your GDPRWise dossiers accurately reflect the reality of processes and data items within your firm, you can go to the GDPR Documents section and generate your privacy policies; well done you!
When you subsequently make changes to your dossier, the policy Generate button will turn orange again to alert you that you should generate a new version. Don’t worry, all previous versions are nicely stored for you and are only a click away. Similarly, we will alert you if we make changes to the document template due to changes in the regulatory landscape.
We recommend you generate your GDPR Register to discuss with colleagues and validate its accuracy and completeness. If the regulator approaches you, this is likely the first document they will ask for.
5. Publish & Reference your policies
6. Security & Rights