How to be GDPR compliant

Are you looking for pragmatic, operational answers to what to do and what not to do about data processing, use and retention? This article answers your questions about GDPR in a simple and practical way.

Lesterius Team
Apr 3, 2018 · 5 min read
“A honeycomb pattern in the modern facade of a building in Brussels” by Fuse Brussels on Unsplash

What is GDPR?

GDPR stands for “General Data Protection Regulation”. The European Parliament adopted GDPR in April 2016, replacing an outdated data protection directive from 1995. It provides a higher level of protection than before for every consumer whose personal data is processed.

Personal data is any information relating to a person, or “Data Subject”, that can be used to identify that person: name, picture, email address, bank details, social network account, medical information, even a computer’s IP (Internet Protocol) address.

Its objectives are:
✔︎ to give citizens back control of their personal data;
✔︎ to empower the actors involved in the data;
✔︎ to increase awareness of the regulation through a system of penalties.

GDPR compliance concerns every European company that processes the personal data of European citizens. It affects companies in different ways, depending on factors such as company size, the types and amount of data processed, and the security and privacy measures already in place.

In the event of non-compliance, companies can be fined from 2% to 4% of turnover, and up to 20 million euros for the most serious offenses.

The regulation is enforceable from the 25th of May 2018.


Implementation

In 2017, Stef B., a Belgian lawyer, “joined the game” at Lesterius and was designated Data Protection Officer (DPO) for the entire group.

His missions are:
✔︎ to check that our processes for using personal data comply with the provisions of the GDPR;
✔︎ to support and advise the company’s managers and employees on using personal data in accordance with the regulation;
✔︎ to alert central management to any breach of the provisions of the GDPR.

Meetings are held regularly between the Project Managers in France, Belgium and the Netherlands, and a keynote is given to the whole group every 2 months.

“GDPR is not a coming storm, but a new breeze will blow” he says to us.


Main provisions of GDPR


Right of Information: users must be informed of any data collection concerning them and must give their explicit consent to it.
Action: apply data protection by design and by default.


Right to Access: users can request access to their personal data and ask what it is used for.
Action: you must give your contacts access to the data you hold on them.


Right of Consent: at any time, a customer may withdraw their consent to their data being used by your company.
Action: you must obtain your contacts’ unambiguous, express and explicit consent to store and use their personal data in specific cases.


Right of Data portability: users have the right to recover their data so that it can be reused by another service provider.


Right to erasure, or Right to be forgotten: an individual can request the deletion or removal of personal data where there is no compelling reason for its continued processing.
Action: you must ensure that your contacts can easily request the deletion of their data.


Right of Notification: in the event of a leak of data concerning a user, they have the right to be informed within 72 hours of the discovery of the leak.
Action: warn your customers of data breaches and security flaws.

Do you remember Meltdown and Spectre? We conscientiously sent a mailing warning our customers and published posts about it.


We adopt codes of conduct that promote anonymization & pseudonymization.

Anonymization: it becomes impossible for anyone to identify the person.

Pseudonymization: direct identifiers are replaced so that the data alone no longer identifies the individual. Someone who holds additional information (such as the key or mapping kept separately) may still be able to combine it with the data and re-identify the person; everyone else will not immediately recognise them after the pseudonymization process.
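To make the distinction above concrete, here is an added example (written for this article, not Lesterius code; the record and key are constructed placeholders): pseudonymization replaces direct identifiers with keyed-hash tokens whose key is held separately, while anonymization removes and coarsens the fields so that nothing can be recovered by anyone.

```python
import hmac
import hashlib

# Constructed sample record and key; placeholders, not real data.
RECORD = {"name": "Alice Example", "email": "alice@example.com",
          "ip": "192.0.2.44", "birth_year": 1985, "city": "Brussels"}
KEY = b"constructed-placeholder-key-held-by-the-dpo"
DIRECT_IDENTIFIERS = ("name", "email", "ip")


def pseudonymize(record: dict, key: bytes) -> dict:
    """Replace direct identifiers with keyed-hash tokens (HMAC-SHA256).

    Without the key the tokens cannot be reversed or recomputed, so the
    data alone no longer identifies the person. Whoever holds the key can
    still recompute the token for a known person and re-identify them,
    which is why the key must be stored apart from the data set."""
    out = dict(record)
    for field in DIRECT_IDENTIFIERS:
        digest = hmac.new(key, str(out[field]).encode(), hashlib.sha256)
        out[field] = digest.hexdigest()[:16]  # truncated for readability
    return out


def matches(pseudo: dict, field: str, value: str, key: bytes) -> bool:
    """Re-identification check, available only to whoever holds the key."""
    expected = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]
    return hmac.compare_digest(pseudo[field], expected)


def anonymize(record: dict) -> dict:
    """Drop direct identifiers and coarsen what remains.

    No key or lookup table exists afterwards, so the person cannot be
    identified from the output; only coarse, aggregate-level facts survive."""
    octets = record["ip"].split(".")
    return {
        "birth_decade": record["birth_year"] // 10 * 10,
        "ip_prefix": ".".join(octets[:2] + ["0", "0"]),
        "city": record["city"],
    }
```

Pseudonymized data remains personal data under GDPR because the key holder can re-identify people; only the anonymized output falls outside its scope.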


Lesterius team State of Mind

The Lesterius team has always felt concerned about data protection and the security of the environment it works in.

— we provide custom app solutions for many customers & many users,
— we train people,
— we manage hosting servers,
— we organise conferences in Europe,
— we also know the personal data of our employees is very precious,
— … this is a non-exhaustive list.

Data protection, privacy and security in general have always been a priority for us.

First, we make it understood internally which “personal data” is involved and which processes must be applied so that we and our customers can be GDPR compliant.

Then we will adapt our data processing to GDPR.


Contact

  • If you have a question about our Medium posts, contact mkt (at) lesterius.com or leave a comment below.
  • If you are a customer and would like to ask our DPO a question or request an audit, please send us a mail here.

Useful links

Council of the European Union: “Position of the Council at first reading with a view to the adoption of a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)”
http://data.consilium.europa.eu/doc/document/ST-5419-2016-INIT/en/pdf

EU GDPR https://www.eugdpr.org

Intersoft Consulting https://gdpr-info.eu

How to GDPR-proof your startup https://thenextweb.com/tq/2018/01/17/gdpr-proof-your-startup-time-running-out/
