How I drive the RGPD process with Perfony and I don’t forget anything!
May 25, 2018 was the cut-off date for all those involved in any way in the DGR compliance process.
But it is also the beginning of a new way of looking at personal data protection where companies are invited to be proactive on the subject.
Just like an ISO process, RGPD compliance must be a real change of mindset for the whole company and does not only apply to the DPO.
What is important to make clear is that “DPMR” is not simply a sum of rules, but is above all an approach that aims to ensure better protection of personal data.
Since it is spread out over time, it requires regular monitoring and engages the company in a process of continuous improvement.
As DPO, I wanted to have a support tool for my working group because we are all in different departments. My objective with Perfony was to be able to really pilot this subject, in the long term, and to be able to transmit it if necessary.
How is Perfony used to drive RGPD?
- I gathered all the people from the different departments who had to intervene in the framework of the compliance with the GDMP in a common and unique tool and we chose Perfony.
- An RGPD folder has been created, bringing together all participants.
- A quarterly steering meeting was also created, and thanks to the recurrence tool, I only had to do it once.
- The agenda for this meeting is updated quarterly. It is created in a collaborative way thanks to the suggestions proposed by the participants. This co-construction approach encourages the involvement of the participants.
- Some agenda items are systematically (and automatically) renewed, such as the monitoring of registers, for example.
- During these meetings, we exchange on legal developments in data protection, we share on good practices detected within our organization or identified outside, and we decide on improvement actions that will be implemented. These decisions are immediately recorded in the Record of Decisions and the resulting actions are assigned to the various managers.
The minutes of these meetings are our “road book” for the coming months and are available at the end of the meeting.
- As we only meet every three months, it is very important that decisions and actions are formalised without ambiguity and accessible to all, even outside our meetings.
- Between our meetings, everyone shares the progress of their actions and can report important information or difficulties encountered so as not to get stuck.
- Deliverables (records, security policies…) are also shared directly in our common folder.
- We have also created a “RGPD” tag so that everyone in the company can share their actions with us or suggest them to us. These actions automatically go back into our action plan review at our meetings.
“DPO is a new responsibility, so it was difficult to get a clear picture of the work. So we chose a solid organization, around a single centralizing tool, which is the backbone of our DPO team.”
We were able to produce the registers quickly, involving all the services for which it was necessary, without exchanging hundreds of emails. Each register drafting was the subject of an action in which the interlocutors could collaborate up to the deliverable.
Sharing of information
Everyone knows what they have to do. All participants in the RGPD working group know where to find the information and even those who are not part of it can interact with the team.
The topics are really moving forward, despite the long intervals between our meetings on the one hand and the break-up of our working group within the company on the other.
The organization is well established and DPM is fluid within the company.
No more use cases?
Discover other uses of Perfony in teams in full bloom.
To become the manager they are waiting for, to put an end to useless meetings, so that everyone knows at all times what they have to do, enter the Perfony approach!
0 spam, 0 commitment, 0€.