I got some questions about GDPR compliance. I would like to know how we can make our company compliant on the technical and organizational side.
We use Microsoft Office and a Software As a Service (Saas) ERP named Odoo. How can we use these tools in a way to be GDPR compliant. On the technical side I suppose we can't do much. However on the organizational side I think we are supposed to make the difference. I was thinking about restrictions to some shares, create leaving and arriving procedures for collegues.
What I am worrying about is how to manage client data. Would it be enough to leave them on our professional laptop or do they need to be on the share with limited access?
If you need more information in order to understand my questions I will be happy to provide them.