Expert Advice Community

Guest

EU GDPR Inventories

  Quote
Guest
Guest user Created:   Nov 12, 2019 Last commented:   Nov 12, 2019

EU GDPR Inventories

We are a small company and we have just now stated working on our compliance program.
  1. Can you please suggest what would be the best way to start with that?
  2. What information do we need to include in our Inventory?
  3. How much time do you think it will take to implement the basics?
  4. Is there a list of documents which are mandatory?
  5. Do you think we need to have a DPO?
0 0

Assign topic to the user

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Andrei Hanganu Nov 12, 2019

1. We are a small company and we have just now stated working on our compliance program.Can you please suggest what would be the best way to start with that?

The best way to start is to do an internal assessment and determine which are the areas you need to address first. I suggest to use this EU GDPR Readiness Assessment Tool  (https://advisera.com/eugdpracademy/eu-gdpr-readiness-assessment-tool/) to get an idea of where you are currently standing.

2. What information do we need to include in our Inventory?

The information to be included in the Inventory of processing activities is described in art. 30 of the GDPR. You can find a readily available template for such an inventory as a part of our GDPR Data Mapping & DPIA Toolkit (https://advisera.com/eugdpracademy/eu-gdpr-data-mapping-dpia-toolkit/)

3. How much time do you think it will take to implement the basics?

You can use this EU GDPR Compliance Duration Calculator (https://advisera.com/eugdpracademy/free-tools/) to get an estimate on the time needed to become compliant.

4. Is there a list of documents which are mandatory?

You can find on our website at https://advisera.com/eugdpracademy/eu-gdpr-documentation-toolkit/ a list of documents you can download. The mandatory documents are marked in the list.

5. Do you think we need to have a DPO?

This depends on your activities. You need to appoint a DPO if(a) the processing is carried out by a public authority or body, except for courts acting in their judicial capacity; or (b) the core activities of the legal entity consist of processing operations which, by their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale; or (c) the core activities of the legal entity of processing on a large scale of special categories of data pursuant to Article 9 of the EU GDPR and personal data relating to criminal convictions and offences referred to in Article 10 of the EU GDPR.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Nov 12, 2019

Nov 12, 2019

Suggested Topics

Guest user Created:   Oct 08, 2019 EU GDPR
Replies: 1
0 1

Privacy questions

Guest user Created:   Aug 06, 2023 EU GDPR
Replies: 1
0 0

Do we need VPN to comply with GDPR?

Guest user Created:   Jul 12, 2023 EU GDPR
Replies: 1
0 0

Business Continuity Plan and GDPR