What is the RGPD?
The RGPD or General Regulation on the Protection of Personal Data will come into force on May 25, 2018. It will cover the personal data of each and every one of us. That is, all information that makes it possible to identify or characterize an individual. It’s therefore wide-ranging and will force many companies, administrations or associations to comply. As a trade association, Syntec Numérique collects or holds information on its members and employees who work for the association.
It’s therefore a good case study for understanding the stages and implementation of this much-discussed regulation. And rightly so, because beyond the almost moral obligation to protect personal data, the penalties for non-compliance can be very substantial. Hence the excitement, which will no doubt continue after May 25, as each entity concerned will have to be able to prove at any time that it is in compliance with the regulation. And here again, this principle is new.
Where to start?
Within Syntec Numérique, an inventory is currently being carried out to identify all the personal data present in our information system relating to members: their names, addresses, requests, consultations. The inventory will also include data relating to employees: social security number, home address, date of birth….
Finally, this approach in its first stage is quite similar to that adopted as part of our quality plan, of which we are very proud.
What’s next?
A map of all processing operations will be drawn up. We are also in the process of identifying the questions we need to ask ourselves: what impact will this have on our CRM? What are the rules for data archiving, for example?
This step will be the subject of a future post here, because ultimately the implementation of the RGPD in an organization like Syntec Numériquewill involve several episodes and then will undoubtedly continue for a long time!
