How is Syntec Numérique finalizing its RGPD compliance?

17 Apr 2018

What are the final steps?

In previous articles, I have outlined our journey to ensure that Syntec Numérique is up to speed with the RGPD in May 2018:

  • How to comply?
  • How do I get started?
  • Which work surface?
  • How do you create a data processing register?

We are now in the home stretch with 3 actions to complete:

  • Further clarifying our data processing register,
  • Reviewing contracts with our subcontractors to include the RGPD,
  • Carrying out a security audit that takes the RGPD into account.

For the data processing register:

To finalize it, we are in the process of specifying each processing purpose. We have found that sometimes we need to go further in the description to better visualize the processing we carry out. This will enable us to confirm or revise the rules associated with this data: retention periods, for example, and the provision of information to data subjects.

For suppliers:

We have compiled an exhaustive list of all our suppliers who provide services for the operation or support of our information system.

So now it’s a matter of obtaining from some of them their new general terms and conditions of sale, which take the RGPD into account. We’re going into more detail with our CRM supplier and setting up a workshop to automate the procedures that will enable us to ensure our compliance where personal data is concerned. The aim is to provide our CRM provider with precise instructions in our capacity as data controller.

This work with our service providers to implement the RGPD has also enabled us to identify other related points to address: for example, signing confidentiality agreements with some of our service providers to further strengthen the level of trust between the two parties.

For the security audit:

We have selected a service provider to carry out a technical and organizational audit of our information system, covering in particular:

  • A global analysis of our security levels
  • Penetration tests on our websites
  • The configuration of key components of our IT system

This essential phase of RGPD compliance will enable us to identify, at the end of the audit, any risks with regard to the RGPD, and then to define action plans to reduce or even eliminate these risks.

To conclude:

We managed this Syntec Numérique RGPD compliance project over 5 months. Even if most of the work has been done in this time, we know that we need to continue to improve certain aspects. The RGPD still needs to become a reflex for everyone concerned in our team. The same was true when we implemented the Quali’op approach (quality certification): it took 12 months for the quality culture to be fully anchored.