At the time of writing these lines there are less than 115 days left before the GDPR comes into action (to see where we stand when you'll read these lines there is a countdown clock ticking and teasing in the living room).
Some people are freaking out, realizing that time is running out and they may not be ready. We remind them that the CNIL published several months ago a 6-step process (FR), with standardized documents that aims to de-dramatize the GDPR.
If you have complied with the 1992 Belgian law on privacy, you should not have too much trouble coping with the GDPR.
If you were unscrupulous, it is clear that you will experience a change and the task must look more complex. You are 25 years behind schedule, as Jacques Folon claims in his various speeches. But nothing is impossible.
If you pretend that this is not your concern, it is the most serious mistake. You must be able to prove the implementation of the legislation. To document your progress is the best way to prove that you have cadastralized the data processing operations for which you are responsible. without proof, you are guilty of a breach.
The GDPR is a set of recommendations that tend to document and make public what you do with the data that is transmitted to you while ensuring its confidentiality, security and obsolescence. And which, unlike the 1992 law, provides for control and repression measures if you do not comply with the laws.
Spade proposes to share with you its own journey towards the respect of the GDPR and the different reflections that this journey induces. Because for a digital agency, the GDPR is an opportunity to rethink digital objects as "simple" as forms and, while adhering to the spirit of the law, propose simple, obvious, efficient and compliant user experiences.
In our digital agency business, personal data is a raw material. These are
- IP addresses
- data from forms
- subscription to newsletters
The consideration of collection points, stages of processing, diffusion will allow us to write posts on this blog to let you know our ideas, approaches. There are of course other personal data that we process (customer and employee data) but we will not cover this part of the data too much. We simply document the treatments and access, and put restrictions in place. This is the basis of the process.
So we officially announce it to you: we have a person in charge of the implementation of this project and Denis Balencourt is the lucky one.
He surveys Brussels and Wallonia to attend the various events on the subject, and takes it to heart to reduce the impact of this legislation on the way we operate, both internally and with our clients.
He hopes that this series of articles will be inspiring and useful to everyone, because the GDPR is the first time for everyone. Faced with newness, it is the spirit of the web that drives us, in short openness and sharing.