The GDPR compliance checklist
The General Data Protection Regulation (GDPR) is an essential regulation to guarantee the protection of individuals' personal data. To help you ensure that your business fully complies with GDPR requirements, here is a checklist based on the guidelines provided by the CNIL (National Commission for Information Technology and Liberties) specifically intended for VSEs and SMEs.
1. Awareness and training
- Raise awareness among the entire team of the issues and principles of the GDPR.
- Train employees in good practices regarding the protection of personal data.
2. Data collection
- Identify the personal data collected.
- Establish a legal basis for each data processing activity.
- Inform the persons concerned of the purpose of the collection and obtain their consent if necessary.
3. Data management
- Secure personal data by implementing appropriate protection measures.
- Establish procedures to guarantee the exercise of the rights of data subjects (access, rectification, deletion, objection, portability).
- Maintain a record of personal data processing activities.
4. Relations with subcontractors
- Ensure that subcontractors comply with data protection requirements.
- Sign data processing contracts with subcontractors to regulate their obligations.
5. Documentation and proof of compliance
- Document compliance efforts and data protection impact assessments.
- Be able to demonstrate compliance in the event of an inspection by the data protection authority.
6. Monitoring and updating
- Monitor developments in GDPR regulations and adapt company practices accordingly.
- Carry out regular internal audits to verify compliance with data protection rules.
By following this checklist, VSEs and SMEs can more easily ensure that their processing of personal data complies with the GDPR and that they effectively protect the rights and freedoms of individuals. Remember that GDPR compliance is an ongoing process that requires constant vigilance and adaptation to regulatory developments.