The client
For a consultancy company that provides their services in the financial industry SEVENTREES implemented the GDPR (AVG in Dutch).

The question
Are we handling personal data accordingly, and if not, what measures do we need to take to comply by May the 25th of 2018?”

Our role
SEVENTREES was responsible for the GAP analysis on how their privacy policy and procedures were currently shaped and maintained, propose a new or adjusted way of working and implement this in the daily business when it comes to handling (personal) data of parties they do business with. The project lasted for 3 months and was done by two SEVENTREES employees.

Way of working
When SEVENTREES takes on a project, the regulation is well known by the employees. We train our employees on the relevant regulation and assign the best match to the project.

SEVENTREES analysed the requirements as described in the GDPR and compared them to the current way of working. In this case all the personal data registered from the involved parties were with a good reason (Goal of register). The main compliancy issue in this case (and in most cases) was a policy and procedures to guide the processing of clean data and how to handle it (right to be forgotten, retention period and consent).

The GDPR describes on how a company that processes personal data should handle it, and how to capture the policy and procedure. This so called handbook needed to be written for the client. In this handbook the way of working with personal data is described, for which reasons, what data is stored (the register), what to do with a security breach and who will be responsible for the complete (personal) data journey of the involved persons.

Result
In the end SEVENTREES provided the client with a manual / handbook with procedures that needed adjustment, implemented these changes and appointed the responsible officer to maintain compliancy. In the end, a happy client with one less thing to worry about!