Expert Advice Community


GDPR Compliance questions

Guest user | Created: Jun 24, 2021 | Last commented: Jun 29, 2021


I got some questions about GDPR compliance. I would like to know how we can make our company compliant on the technical and organizational side.

We use Microsoft Office and a Software as a Service (SaaS) ERP named Odoo. How can we use these tools in a way to be GDPR compliant? On the technical side I suppose we can't do much. However, on the organizational side I think we are supposed to make the difference. I was thinking about restrictions on some shares and creating leaving and arriving procedures for colleagues.

What I am worrying about is how to manage client data. Would it be enough to leave them on our professional laptop or do they need to be on the share with limited access?

If you need more information in order to understand my questions I will be happy to provide them.


Expert
Alessandra Nisticò Jun 29, 2021

I agree with you, the organizational side can make the difference in increasing compliance and awareness about security and GDPR requirements. Setting an access policy determining the level of confidentiality of documents and persons allowed to access or modify them is a good security measure.

Another organizational measure is to set the rules of data processing for your employees with a data protection policy and also an IT security policy in order to define some technical aspects, like software that is not allowed in your organization's IT system.

Thinking about the storage you mentioned, keeping all data on your laptop can expose you to a data breach in case the laptop stops working or something happens to the data, so if you decide to follow this path, implement some backup solution.

Another approach is to keep data in the cloud, setting access levels for your employees and increasing the possibility to work from anywhere. In this case, consider installing a VPN in order to protect access and navigation and, of course, set access levels for your employees.

Here you can find some information about starting the compliance process:

If you want to learn how personal data are processed under the EU GDPR you may consider enrolling in our free training EU GDPR Foundations course: https://training.advisera.com/course/eu-gdpr-foundations-course/

 
