GDPR Tools: What needs to be implemented?

Captivea LLC, Sébastien RISS

The official date for GDPR to come into effect is approaching apace. Either you will have started your compliance process, or at least you're thinking about it. Nevertheless, there are many unresolved issues that we have attempted to address in this white paper. In our view, there is one final issue to address which tools should be put in place. A short overview: 

Odoo CMS - a big picture

A) Mapping Tools

To get off to a good start, a tool designed to map your enterprise's data processing activities is essential. You should know that CNIL, the French National Commission on Data Processing and Personal Freedom has published an open source program known as PIA (Privacy Impact Assessment) which meets this needs. If the IT service provider you have selected suggests another tool, be careful. It's better to opt for the tools provided by CNIL. As CNIL is the regulator, it is a way to be sure that you will meet their standards. Namely, at Captivea, we rely specifically on the PIA to meet the challenges of the GDPR.

B) Audit Tools

In parallel with the data mapping, you will need to audit your various systems: CRM, ERP, e-mail, file servers, HR, finance, Excel files, and it's better to work systematically through each system. Once again, the software suggested by CNIL makes it possible to complete this audit work. If you have expert IT support, that's all there is to do.

C) Tools Designed to Address the Impact of an Issue

Measures relating to the impact of data are used to identify high-risk processing activities within the criteria defined in the GDPR. As its name applies, CNIL's Privacy Impact Assessment software was initially created to meet this requirement. For this part, we recommend that you obtain the support of a law firm, which will be in a better position to interpret the analysis produced by the software and to guide you in relation to the actions to be taken.

D) Tools Designed to Manage Individuals Rights

In relation to the law relating to individual rights, the valuable advice of a law firm  will, once again, be helpful. The PIA makes it possible to fill in the aspects relating to individuals' rights, which will then enable you to demonstrate that you have taken appropriate measures to comply with the GDPR.


E) Tools Designed to Produce GDPR Documentation

As you will have guessed, the PIA is once again the answer. This is because, you will have recorded the entire process undertaken within the software, quite logically, the software will suggest generating the required documentation, and, as this documentation requires regular updating, a practical, intuitive tool that complies with the GDPR guidelines to the letter is what you need.

As you will learn, the PIA is at risk of becoming your best friend (at least where GDPR is concerned). Then, working with your two expert partners (the IT service provider and the law firm) you will have a rapid response team, fully equipped, to guide you throughout the process of complying with the GDPR.

Naturally, the PIA is not the only solution, and a myriad of applications will undoubtedly appear over the coming months. Nevertheless, by choosing the software published by CNIL, you will have the confidence that comes from using a compliant, reliable solution.                  

Odoo text and image block

Discover our White Paper GDPR