GDPR: the need for a mindshift
Between November 28th and December 7th, CFO Services' Data4S organized three Fast-Track Sessions on GDPR in Brussels, Antwerp and Ghent, focusing on the Data Flow, and the Legal & Security dimensions.
‘GDPR demands a mindshift,’ Data4S expert practice leader Toon Borré emphasized. ‘It’s highly improbable that any organization will be fully compliant by May 26th 2018, but it’s essential, almost mandatory, that everybody in the organization understands what GDPR is. It should be obvious to employees that clients, contacts, individuals have the right to control their personal data and that organizations must respect these rights. All organizations gathering or processing data from EU citizens are subject to GDPR.’
The mindshift is one thing. Acting accordingly is something else. Even in a ‘simple’ job interview, GDPR will have an impact on the processing of the personal data ‘acquired’ during the interview. Active consent will be needed from the candidate to register, store and process his or her data. But GDPR’s reach is enormous. It covers all personal data an organization has collected and processed in SAP, CRM systems, fleet management, payroll and phone registers, all the way down to Excel sheets on PCs, workstations and USB sticks containing personal data that employees collect and process.
GDPR compliance can only be reached by acting collectively. ‘Implementing GDPR is a team effort,’ Toon Borré says. ‘As of today, organizations must handle personal data differently.’
What you should do as of now:
- Make a risk assessment, mapping the risks you are exposed to, prioritizing which issue to tackle first. If you are a B2B company, employee data are probably your biggest priority. Develop an implementation plan.
- Make sure everybody in your company and all of your clients and contacts know you are taking GDPR seriously: issue a detailed GDPR statement, explaining what you have done, when, and to whom this was communicated.
- GDPR is an ongoing process. Remain alert. Adjust your processes and data procedures on a permanent basis. Strive for continuous improvement.