The GDPR came into effect on 25 May 2018. As our members prepared for this regulation and now continue in their efforts, we have worked to provide specific tools and targeted events to support them in the IT implementation. Below, you can find tools relating to your relationship with your IT vendor, templates to use internally in your company, and presentations with insight from our events.
IT vendor-related tools
NEW Controller-Processor checklist (after login)
Determining whether a third party is or could be a processor, controller or joint controller is not always clear. This overview lists the types of companies that are usually a processor, and describes the typical cases of joint controller situations. It thus offers a guideline for categorising a third party.
NEW General GDPR questionnaire for provider 'quick scan' (after login)
Maintaining compliance with privacy regulations is an ongoing issue for companies. This questionnaire, with just 13 basic questions covering topics that are valid in every context, enables a ‘quick scan’ of providers, to ensure that they will be compliant themselves, and will also process customer data in a compliant way.
Payroll consultants/social secretariats have access to personal data on your staff. Beltug has developed a questionnaire that you can present to your payroll consultant to verify their own compliance with the GDPR, and to ensure they will process your data in full compliance with the regulation.
GDPR Vendor Assessment questionnaire, in cooperation with DPOffice (details + questionnaire)
Many things are at stake when preparing and maintaining your compliance with the GDPR. Beltug has created a list of core questions for you to ask your cloud providers. The list has been discussed with a select number of ICT/cloud suppliers, to gain their perspective and options for the best approach. We believe that this questionnaire will make a significant difference for companies on their way to GDPR compliance.
Template Data Protection Clause, in cooperation with Allen & Overy (after login)
Beltug and Allen & Overy have created a template that Beltug members can use for the data protection clause of their IT services contracts. You can use this template as a starting point, and then customise it to take into account the specific processing, as well as the roles of the Customer and Supplier. While it has been developed for contracts between two companies in the EU, you can adapt it with additional safeguards if this isn't the case.
Internal GDPR tools
Personal Data Breach Management Policy (after login)
What would you do in the event of a personal data breach? Make sure you have a comprehensive Personal Data Breach Management Policy already set up, to provide inspiration and guidelines for anyone in your company who processes data. This Beltug tool provides a generic approach that you can tailor for your own breach management policy.
Privacy / Personal Data Protection Management Guidelines (after login)
Your compliance requirements do not end when the GDPR comes into effect: they are just beginning! You need to be prepared to take the necessary actions to maintain your compliance. Beltug’s Privacy / Personal Data Protection Management Guidelines give you a generic blueprint that you can tailor to set up your own privacy management approach and plans.
Template consent notice, in cooperation with Allen & Overy (after login)
The GDPR lays out consent requirements for the use of personal data. Beltug and Allen & Overy have created a template for requesting consent from customers, staff and other individuals, which communicates how personal data will be used, processed, etc. Beltug members can use this template as a starting point, and then customise it to their specific situation.
Updated Presentation for your Board, in cooperation with DPOffice (after login)
Beltug members can use this presentation to inform their Board about the European Data Protection Regulation. Please feel free to use the slides and content as you wish, in your own templates and formats, etc. You may add or delete information according to your needs.
Data inventory, in cooperation with Cranium (after login)
Template (Excel) Register of Processing Activity: Data inventory first, compliance next! The road towards the GDPR starts with an inventory of the personal data you process. Indeed, data inventorying is an essential step in your preparation: your organisation needs an inventory of all the types of information it processes, how that data will be protected, and where the sensitive data sits. This tool helps you get started building your register, as required by Article 30 of the GDPR.
Beltug Privacy Council
Details and mission (no login necessary)
This special interest group for experts/practitioners in matters of privacy covers data protection in the business domain, including (but not limited to) the GDPR. Are you a match - and willing to commit? Contact Danielle to submit your candidature.
Takeaways and presentations on GDPR from our events (after login)
Privacy rules in a global world - do's, don'ts and best practices (23 October 2018)
GDPR: exploring more complex features (8 February 2018)
GDPR – dive into the details (19 December 2017)
GDPR compliance: where do we stand? (14 June 2017)
Creating a GDPR-proof HR policy (17 May 2017)
GDPR and your path towards compliance (24 January 2017)
Beltug seeks answers for the EU data protection regime (GDPR) (15 September 2016)
You can also check our Library page for more presentations from other events and activities.