A) Mapping Tools
To get off to a good start, a tool designed to map your enterprise's data processing activities is essential. CNIL, the French National Commission on Data Processing and Personal Freedom, has published an open source program known as PIA (Privacy Impact Assessment) which meets this need. If the IT service provider you have selected suggests another tool, be careful. It's better to opt for the tools provided by CNIL: because CNIL is the regulator, using its tools is a way to be sure that you will meet its standards. At Captivea, we rely specifically on the PIA to meet the challenges of the GDPR.
B) Audit Tools
In parallel with the data mapping, you will need to audit your various systems: CRM, ERP, e-mail, file servers, HR, finance, and Excel files. It's better to work systematically through each system. Once again, the software suggested by CNIL makes it possible to complete this audit work. If you have expert IT support, that's all there is to do.
C) Tools Designed to Address the Impact of an Issue
Measures relating to the impact of data are used to identify high-risk processing activities within the criteria defined in the GDPR. As its name implies, CNIL's Privacy Impact Assessment software was initially created to meet this requirement. For this part, we recommend that you obtain the support of a law firm, which will be in a better position to interpret the analysis produced by the software and to guide you in relation to the actions to be taken.
D) Tools Designed to Manage Individuals' Rights
On the law relating to individuals' rights, the valuable advice of a law firm will, once again, be helpful. The PIA makes it possible to fill in the aspects relating to individuals' rights, which will then enable you to demonstrate that you have taken appropriate measures to comply with the GDPR.
E) Tools Designed to Produce GDPR Documentation