Data Protection Law - GDPR
Data: An Asset to Capitalize on
Since May 2018, the General Data Protection Regulation (GDPR) defines the legal framework applicable to any business, association, or local authority that uses personal data. GDPR compliance helps protect against internal failures, secure relationships with partners, build trust with clients and employees, and avoid any CNIL sanctions.
External DPO
If your company manages personal or large-scale data, you need legal and technical support. An external data protection officer (external DPO) can help you ensure compliance. The external DPO shares with you the experience he or she has developed with a wide range of clients, and enables you to leverage this experience within your company. In this way, he brings your company the peace of mind that only an external, independent service provider can offer. It creates the conditions for integrating privacy by design and enables you to adjust your practices (best practices).
One-off compliance audits
Many players have achieved RGPD compliance using their own internal IT resources or their usual IT maintenance provider. But compliance is a process made up of steps that are all essential, some of which require solid legal skills. Analyzing the role of stakeholders and mapping personal data are among these essential steps. Company life constantly creates gaps between the personal data register, a static document, and the reality of personal data processing. A one-off audit can ensure RGPD compliance.
GDPR and partner relations
The GDPR also defines the relationships between partners in the management of personal data, including the roles of joint data controllers or processors. These relationships are particularly important and monitored by the CNIL. You need to determine the purpose of processing, its legitimacy, document your own compliance, and ensure that your subcontractors or partners actually comply with the RGPD. In this respect, you can demand RGPD guarantees that go beyond a simple standard contract, and impose clauses enabling feedback or regular audits on data security.
Data Collection
The RGPD clarifies your obligations towards your partners. It also enables your marketing departments to structure your collection and management of prospect or customer data. New technologies, privileged partnerships and structuring the collection and processing of personal data are essential tools for using this European regulation as a structuring framework and adopting finer, more relevant data management adapted to Big Data.
Constant support
CDW Avocats can assist you with the following RGPD assignments:
- GDPR Compliance
- Assessment and gap analysis
- Drafting of subcontractor/manager contracts
- Setting up an action plan for GDPR compliance
- Support in obtaining RGPD certification
- External DPO
- CNIL notification of personal data breach
- Support during a CNIL inspection
- Implementation of privacy by design
- Data Protection Policy
- Data Retention Policy
- Subcontractor Compliance Audit
- Optimize your data collection and management processes
The governance of personal data often involves internal transformations and the implementation of continuous management tools, adapted to the processing of sensitive data. But it also creates opportunities to strengthen customer-supplier relations, accelerate internal transformations such as paperless processes, and imagine new offers. CDW Avocats brings you the benefit of its experience.
Info Links (in French)
