Belgian Privacy Commission issues a 13 step plan for companies preparing for GDPR compliance
29/09/2016

Following a series of guidance published by fellow national DPAs, the Belgian Privacy Commission launched a 13 step GDPR-readiness roadmap to help companies processing personal data to start preparing themselves.

The Privacy Commission will also create a GDPR-themed section on its website where data controllers and processors can consult additional guidelines, instruments and frequently asked questions.

The 13 steps forming the roadmap for ensuring GDPR compliance by 25 May 2018 are:

1. Raising awareness

Inform key figures and policymakers on upcoming changes. They will have to assess the impact of the GDPR for the organisation.

2. Data mapping

Document which personal data you manage, where it comes from and with whom it has been shared. Map your data processing activities. You may need to organise an information audit.

3. Communication

Evaluate your existing privacy policy and plan necessary changes in view of the GDPR.

4. Rights of the data subject

Verify whether the current procedures within your organisation provide all the rights granted by the GDPR to the data subject. Check how personal data can be erased or how personal data will be communicated electronically.

5. Access requests

Update your existing access procedures and think about how you will process future access requests under the new GDPR terms.

6. Legal basis for processing personal data

Document the various types of data processing by your organisation and identify the legal basis for each of them.

7. Consent

Evaluate your way of requesting, obtaining and registering consent. Modify where necessary.

8. Minors

Develop systems to verify the age of the individual concerned and request parental or custodial consent when processing personal data of minors.

9. Data breaches

Put in place adequate procedures to detect, report and investigate personal data breaches.

10. Privacy by design and privacy impact assessment

Get acquainted with terms such as “privacy by design” and “privacy impact assessment” and verify how you can implement these concepts in your organisation’s day-to-day operations.

11. Data protection officer

If necessary, appoint a data protection officer or someone responsible for ensuring compliance with data protection laws. Evaluate how this person will function within the management of your organisation.

12. International

Determine which supervisory data protection authority is competent for you if your organisation is active in multiple jurisdictions.

13. Existing contracts

Evaluate your existing contracts – mainly with processors and subcontractors – and adopt the necessary changes in a timely manner.

See also: DLA Piper LLP (Mr. Patrick Van Eecke)
