Does your company comply with the GDPR?
Privatum offers an answer to all your questions about privacy and data protection.
Rights of those involved
- Do you inform your customers about the purpose for which you collect their personal data?
- Do you have procedures for when customers request a copy of all their personal data?
- If customers ask you to delete all their personal data, can you guarantee that you actually can?
GDPR Principles
- Are you sure that all personal data you process has been obtained lawfully?
- Do you process only the personal data you actually need?
- Are you sure that personal data is not stored longer than necessary?
Accountability
- Have you appointed a DPO?
- Do you perform data protection impact assessments?
- Do you keep a record of processing activities, and do you keep it up to date?
Organizational measures
- Are your employees aware of the GDPR?
- Is privacy by design and by default embedded in your company?
- Is compliance monitored regularly?
- Are privacy policies in place and communicated?
Technical measures
- Are your IT architecture and applications secure?
- Do you enforce rules on password strength and renewal?
- Do you use anonymized data in test environments rather than production personal data?
- Is personal data encrypted when it is sent over the internet?
Risk concerning third parties
- Do you check whether all your suppliers are GDPR compliant?
- Do you have agreements with your suppliers on how data breaches are handled?
- Do you know which third-party tools you send personal data to?
- Do you transfer personal data outside the EU?
DPO as a service
The GDPR introduces a new role: the Data Protection Officer (DPO). Appointing a DPO is mandatory when your core activities involve regular and systematic monitoring of data subjects on a large scale, or large-scale processing of sensitive (special-category) personal data. The GDPR allows this role to be outsourced to an external party.
What are the benefits of an external DPO?
- No conflicting priorities or interests
- Cost saving
- Efficient
- Flexibility
GDPR compliance check
The GDPR requires your organization to be able to demonstrate
- how data subjects can exercise their rights
- that you fulfil your accountability obligations
- that you respect the principles of the GDPR
- which organizational and technical measures you take to protect personal data
- how the rights of data subjects are safeguarded when personal data is passed on to other organizations, foreign branches and partners
To give you an idea of how your organization scores in each domain, Privatum has developed a conformity check. The check produces a dashboard and a report with recommendations for improvement.
You can request a Privatum GDPR conformity check
- as a one-off audit to have an idea of the extent to which your organization complies
This GDPR conformity check is included in our “DPO as a service” offer.
The check covers six domains: rights of those involved, accountability, technical measures, GDPR principles, organizational measures and risks related to third parties.
Privacy Audit
In a privacy audit we conduct a thorough investigation into how you have implemented GDPR compliance in your organization.
Here are some examples of studies that we perform:
- We evaluate whether your processing register is complete, contains all required information and is up-to-date.
- We check your data protection impact assessments
- We discuss your privacy roadmap
- We examine how those involved can exercise their rights
- We check your organizational privacy procedures and investigate whether your employees know and follow these.
- We study your privacy policy
The result is an extensive report with our findings from each study, recommendations for improvement, and a list of non-conforming topics ordered by priority.
Privacy consultancy
You can call on Privatum
- to perform a data protection impact assessment on a new project
- as a sparring partner for your DPO, to strengthen your privacy team
- to share our best practices
- to organize awareness sessions for management and/or your employees
- to train your employees
- to help you monitor privacy policies and procedures
User rights assessment
The rights of data subjects are the most important elements of the GDPR. In a user rights assessment we pose as a data subject and test how your employees and internal procedures respond when those rights are exercised in practice:
- to obtain all personal data that is held about a data subject
- to have all personal data deleted and excluded from further processing
- to withdraw consent that was previously given
- to object to profiling
The result is a report with our findings and a list of possible improvements.
ISO 27001 certification
ISO 27001 gives you a clear picture of your information security so that you can take the necessary steps; in addition, the standard is strongly recommended under the NIS legislation.
Why ISO 27001?
- Reduce risks
- Prevent incidents
- Increase your reliability
- Lift your organization to a higher level
- Meet the requirements of (potential) customers
- Comply with European laws and regulations
- Constant improvement of your information security policy
- A commercial credential that opens doors
Why Privatum?
KMO Portefeuille
Are you a Flemish SME? Then you may be eligible for financial support when Privatum helps you improve your privacy and data protection policy.
Do you have ambitions as a Privacy Consultant, Project Manager, Business Analyst, Functional Analyst …?
As an employee or as a freelancer?