GDPR - Full package

GDPR... It seems to have become a buzzword. The months preceding the entry into force of the GDPR were hectic: information sessions and (online) articles proliferated. And then there was the rush to become compliant, as if everyone had suddenly lost their heads.

GDPR has been in force since 25 May 2018. Meanwhile, the storm has died down. Nevertheless, GDPR should not be forgotten: being compliant is not a one-off task, but a continuous process. You do not have to constantly turn your way of working upside down, but you must of course ensure that you are compliant at all times.

First of all: what is it?

GDPR (General Data Protection Regulation) is a European regulation adopted in response to the rapidly changing social and technological environment. It deals with the protection of personal data.

GDPR is very comprehensive. Here are a few important points:

  • Personal data may only be processed on the basis of 6 legal grounds: explicit consent, or processing that is necessary in the context of a legal obligation, an agreement, a vital interest, the general interest or a legitimate interest.
  • The protection of personal data must be guaranteed while it is being processed. Processing is very broad: any possible operation or handling of personal data, i.e. collecting, recording, organising, structuring, storing, updating, amending, retrieving, consulting, using, etc.
  • If there is a data leak, under certain circumstances this must be reported to the Data Protection Authority within 72 hours. Sometimes those involved must also be informed. So you must know when to report it and to whom.
  • Every citizen has some additional rights. Just think of the right to object, the right to be forgotten, etc. Moreover, the transfer of data must also be easy (e.g. when changing energy supplier).
  • The position of Data Protection Officer.

GDPR applies to every company, so every organisation needs to take a close look at its processes to check whether it handles the data of its customers, suppliers and other contacts securely enough.

No worries, Trustteam can help you!

In three steps we can help you make your organisation fully GDPR-proof. Even if you have already done the full exercise some time ago, the checklist can be a useful tool.

1. Organisational - processes and procedures

In the first phase of the process, we guide you in analysing the situation in your company. Afterwards, a general or in-depth information security management system is drawn up that meets the requirements of the GDPR. The result of this session is a clear action plan with the steps to be taken. View the flyer here.

2. Technical - security

How secure is your IT environment? Have you taken enough measures to protect your company against data breaches? Is your company resilient against cyber attacks? By means of a comprehensive IT and security audit, we scrutinise your entire environment. Again, an action plan is provided.

3. Education - human awareness

GDPR applies to EVERYONE. It is therefore important that all your employees are aware of what GDPR exactly entails, what the pitfalls are and how they can respond. The final step in our umbrella project is therefore an interactive video training full of useful tips and tricks. Your employees will become true GDPR specialists! View the flyer here.

And it can be even easier...

Did you know that we have obtained the ISO 27001 and HDS certificates? This means we meet all requirements of GDPR.

The new HDS certificate (Hébergeur de Données de Santé) shows how seriously Trustteam takes data protection. HDS certification is a necessity for cloud service providers who host personal medical information collected for the provision of preventive, diagnostic and other health services. French law stipulates that any healthcare organisation (hospitals, pharmaceutical companies, laboratories, external prevention and protection services) that processes personal medical data must use an HDS-certified service provider. We are therefore proud to say that Trustteam & Health@Work is one such service provider.

HDS requires us to take even stricter measures regarding the protection, security, confidentiality and accessibility of medical data in our data centre. These measures include strong authentication and authorisation procedures, robust back-up systems, and powerful encryption methods. HDS also specifies mandatory requirements that must be included in contracts with the cloud service provider. These requirements apply regardless of where the data is stored.

What's in it for you?

If you host your environment in Trustteam's data centre, you automatically get rid of a lot of GDPR worries!

Other interesting services

  • One-stop-shop for your IT
  • Management of own data centres