Completing a GDPR inventory provides the instruments and the first steps to follow in order to comply with the Data Protection Act. It is essential for the preparation of a CNIL compliance audit. In addition, applying the security recommendations of the GDPR inventory not only makes it possible to better protect the processing of personal data but also helps avoid disclosures of sensitive company data. A lack of security for personal data may lead the CNIL, or any other European supervisory authority, to sanction the body that contravenes its obligations. These sanctions, in addition to their substantial financial cost, may be made public and thus seriously damage the organization's brand image.
The Informatique et Libertés compliance approach is of interest to both large enterprises and start-ups. The obligations relating to the protection of personal data apply uniformly to all actors in any sector of activity, whether public or private and whether or not they manage sensitive data. The GDPR inventory can thus answer the first questions of an organization wishing to know more about its level of compliance and to take appropriate measures if necessary.
The procedure implemented by Digitemis consists of analysing the processing of personal data carried out by organisations in the light of the recommendations of the CNIL, the Data Protection Act and the European legislation on the protection of personal data. Our study also anticipates the new obligations of the European Regulation on the Protection of Personal Data (GDPR), which will enter into force in May 2018.
In practice, based on interviews with department heads and documentation, Digitemis provides a report to the audited organization. This report includes an assessment of the situation with regard to legal obligations and prior formalities carried out with the CNIL. Recommendations are made to the auditee on areas of improvement and critical areas of legal non-compliance.
Our analysis focuses in particular on contractual and commercial relations, the effectiveness of the exercise of individuals’ rights, the processes set up internally to comply with Informatique et Libertés obligations, as well as data security tools and the records of processing of human resources data.
Digitemis auditors meet the experience and training requirements of the “CNIL Audit” labels.