GDPR – Where to start?

Great to hear you have decided to get your GDPR in order! Let us help you getting started.

In essence GDPR wants all businesses to pause for a second and reflect on what personal data they capture and for what purpose, and then document this in a privacy policy.

GDPR Processing activities – made simple

So pause for a moment, grab yourself a coffee and sit down to create a list of all things / activities / processing (GDPR calls them processing activities) you do that involves personal data. The easiest way to do this is to group them: first list those activities related to your customers, then those for your staff and finally list any data you share with suppliers or other third parties.

Having the listing of processes that use personal data really gets you more than halfway in getting your GDPR in order!

You can now use that listing to:

  1. review the processes with relevant colleagues and improve where needed so that:
    • you are aligned with the GDPR data minimisation principle i.e. use the least amount of data to achieve a business purpose
    • you have the right system and data security measures in place
  2. inform all those interacting with your firm on what personal data you process and why in the form of a privacy policy document. We recommend to have separate privacy policy documents for customers and staff.
  3. create your GDPR register. Along with your privacy policy, your GDPR register is another core document that GDPR insists you have available. Do check the website of your local regulator on what template they advise you to use and what information they require.

 

GDPR Software Solution for SME  – We have done the hard work for you

We love to help, so do check out our GDPRWise App as it already holds a listing of processing activities for over 25 sectors. We have done the hard work for you, you just need to validate and refine where needed. The GDPRWise App also generates your privacy policy and GDPR register in a single click based on the content in your online GDPRWise dossier.