Skip to content
Search
EN
← Search

What work plan for Syntec Numérique’s compliance with the RGPD or GDPR?

20 Mar 2018
0 minutes reading

What are the general objectives?

We defined a work plan bringing together a set of documents we had drawn up to monitor Syntec Numérique’s progress towards compliance, and to ensure traceability of the actions taken.

The mapping of treatments and practices, based on the job descriptions and interviews organized by our project manager with each employee identified in advance, should be completed by the end of February. It’s relatively straightforward, although time-consuming and somewhat tedious. And yet the processing carried out by Syntec Numérique is far from being comparable with that carried out by other companies.

The data processing register will then be implemented. This is one of the areas of the work plan that has yet to be fully defined in terms of form, content, input method and regular updating, but it is essential since it forms the basis on which we will determine many of the actions to be taken.

The legal framework involved taking stock of all our contracts with suppliers and preparing amendment negotiations to take into account the measures provided for by the RGPD in this area. For Syntec Numérique, the service providers concerned are mainly those providing services that relate to our information system and tools: CRM, website, collaborative tool, infrastructure and hosting.

Internal policy has also been reviewed and we have already identified around ten procedures to be modified or created. For example, modifying our disclosures or establishing an internal RGPD charter (policy and code of conduct).

Last but not least, the tasks relating to the security of our information system were listed. Even if we had thought about implementing rules and tools to ensure the security of our information system, there are still actions to be taken. For example, we need to draw up a procedure for detecting, processing and notifying potential personal data breaches, or document the security procedures of our subcontractors. We will then regularly organize security audits including RGPD regulations to test the robustness of our security and the vulnerability of personal data managed by Syntec Numérique.

To conclude?

What seemed simple enough at first turns out not to be more complicated, but simply more time-consuming in terms of preparation and execution. So our advice: don’t delay!