General Data Protection Regulation

ValorConseil accompanies you in your compliance process

The General Data Protection Regulation enters into force next May. It was definitively adopted by the European Parliament on 14 April 2016 and will be implemented in the Member States on 25 May 2018. It applies to any organisation storing or manipulating personal data concerning a citizen of Europe. It is important to emphasize the “wide” definition of personal data, which includes the IP address of an individual’s computer, first name, family name, email address and phone number. This law imposes many obligations to secure information and to trace any data processing, and it affects the organisation’s processes. Your entity’s compliance requires that you review your tools, processes, and all the organizations you deal with (suppliers, partners, administrations), as you are responsible for them.
ValorConseil has developed services that identify the actions small and medium businesses and organisations need to take to reach compliance.

SMBs and similar organizations in the GDPR sense

Starting from 250 employees, a company has the obligation to create a DPO (Data Protection Officer) position whose function will be to manage the compliance of its establishment. The organizations targeted by our services have fewer than 250 employees and therefore do not have the obligation to appoint one.
Keep in mind that our recommendations have a structuring effect on your technical solutions. We rely on the Microsoft Office 365 platform and possibly Microsoft Azure as a complement.

GDPR Audit, $3.000 fixed price

To date, you are probably not able to meet all of the compliance criteria. In May 2018, 97% of SMBs will not comply with the GDPR…
Our package includes 3 phases that can be scheduled in less than a month. The compliance process can start two weeks after Phase 1, which consists of an online diagnosis and a pre-engagement meeting. Full, detailed deliverables are provided at each stage.

Remote audits can be conducted through online meetings by English-speaking consultants.

Methodology

We have developed a methodology based on tools developed by Microsoft to respond to the need for proof of the compliance process. We rely on a Microsoft platform for technical means and a set of procedural recommendations specifically for your organization.

  1. The first phase consists of an interactive briefing and the delivery of introductory deliverables; it closes with a Q&A.
  2. We will assist you in the designation of your GDPR referent (OPD role or Provider Interface) in Phase 2.
  3. At the end of this audit process, the IT assessment, the process inventories, and the survey results are reviewed to produce an audit report, which is presented interactively to your team (or teams). A complete composite deliverable is delivered in Phase 3 to your referent/DPO.
  4. Optional compliance support. This fourth phase starts the TMA (recurring maintenance) of the GDPR compliance process, but is not part of the proposed flat-rate package.

Reference documents

Reference pages

RGPD_Guide_CNIL  6 steps (CNIL)
RGPD_process_(Microsoft)  Microsoft GDPR
Text of the law (PDF)  Text of the law