
Your personal data: training, audit, compliance with GDPR

The stakes

The law on personal data is mainly based on the Data Protection Act of 6 January 1978 and the General Data Protection Regulation (GDPR), No. 2016/679, of 27 April 2016.

Beyond managing the risk of sanctions, compliance with the GDPR makes it possible to structure your organization while building the trust of your clients and partners.

Compliance with the GDPR requires identifying the main internal processes within the company that involve the processing of personal data. These processes generally correspond to the company’s departments, including:

– Human Resources

– Customers and marketing

– Suppliers and subcontractors

Compliance is indeed an opportunity to create or review cooperation processes between the operational departments, the IT department and the legal department.

Because of their expertise and ethics, lawyers are the most appropriate professionals to meet the needs of organizations in terms of compliance with the GDPR.

On the one hand, the analysis of a situation with regard to legal texts constitutes the very principle of the lawyer’s activity. “Compliance” is a process controlled and carried out by lawyers, leaders in this market since the beginning.

On the other hand, the lawyer’s ethical rules (professional secrecy, prohibition of any conflict of interest, etc.) offer unequalled guarantees to clients.

Our offer

META supports you in your compliance with laws and regulations relating to the protection of personal data.

Our offer is based on the expertise of Léo PEUILLOT, who worked in 2018 in the Compliance Tools Department of the French National Commission on Information Technology and Liberties (CNIL) in Paris.

Léo PEUILLOT is also a member of the Association française des correspondants aux données personnelles (AFCDP), which is the largest national network of specialists in the field of personal data protection and compliance with the GDPR.

Our services can be chosen individually or in a package including several additional services, according to your preferences.

They are organized in seven parts:

1. Train your staff in personal data law

Involving all employees in the process of achieving GDPR compliance, and raising their awareness of it, helps to build understanding and support for the approach.

Our training courses are intended for a varied audience: they can be general (e.g. the essential elements of the GDPR) or concrete (e.g. compliance documentation) and also specifically target your field of activity (e.g. GDPR compliance in the health sector, banks, insurance, supermarkets or the public sector).

We organise tailor-made training courses, conferences and workshops.

2. Mapping data processing

Compliance involves mapping the data processing carried out within an organization. This step consists of carrying out an in-depth legal and technical audit.

This step makes it possible to identify, in particular:

          • The processing of personal data;
          • The purposes and legal basis of the processing operations;
          • Retention periods;
          • The recipients of the data;
          • The risks linked to the processing of personal data;
          • Data flows outside the European Union;
          • Specific risks to privacy;
          • Data controllers and processors;
          • The means of security implemented;
          • Information to data subjects.

3. Analyse the conformity of processing operations and determine an action plan

The characteristics of each processing operation must be analysed to ensure compliance with regulations.

Several points are examined, in particular the proportionality of the data collected and the storage period in relation to the purposes of the processing operation, information to be given to individuals, etc.

An action plan is then drawn up. This document sets out the objectives to be achieved and the tools to be put in place, in particular:

          • The register of processing operations;
          • Impact assessments relating to data protection;
          • The privacy policy;
          • Documentation allowing information and the exercise of the rights of data subjects and their consent;
          • Auditing and correction of contracts with personal data aspects, particularly with regard to subcontracting;
          • Support for the data protection officer;
          • Concrete actions to ensure the security of personal data.

4. Implementing the action plan for preventing and dealing with risks

The implementation of the action plan involves the drafting of documents and the development of tools and measures, in particular:

          • The processing registry;
          • Impact assessments relating to data protection;
          • The privacy policy;
          • Documentation enabling the information and exercise of the rights of data subjects and their consent;
          • Auditing and correction of contracts with personal data aspects, particularly in the area of outsourcing;
          • Concrete actions to ensure the security of personal data.

5. Strengthening the data protection officer

The Data Protection Officer (DPO) must at the same time raise awareness, advise and monitor his or her organisation. In order to carry out these tasks, the DPO must have legal and technical expertise, while at the same time providing guarantees of independence.

We can assist your internal DPO in the implementation of his or her tasks.

6. Assistance in the event of an audit or litigation

We assist you in your relations with the CNIL, in the event of an audit by the latter and in appeals against its decisions or its lack of response.

We intervene to help you exercise your rights (access, deletion, limitation, rectification, etc.), but also to stop and punish any infringement of personal data rights: recourse before the CNIL, criminal proceedings, civil summons.
