[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fGGE2d3zexrbCqdi4s2AIqPFleyyGiobqO8W4_QHzeLY":3},{"tableOfContents":4,"markDownContent":5,"htmlContent":6,"metaTitle":7,"metaDescription":8,"wordCount":9,"readTime":10,"title":11,"nbDownloads":12,"excerpt":13,"lang":14,"url":15,"intro":16,"featured":4,"state":17,"author":18,"authorId":19,"datePublication":23,"dateCreation":24,"dateUpdate":25,"mainCategory":26,"categories":42,"metaDatas":48,"imageUrl":49,"imageThumbUrls":50,"id":58},false,"The General Data Protection Regulation (GDPR) is a regulation of the European Union (EU) that aims to regulate the use of personal data of individuals and protect their rights.\r\n\r\nFor businesses, compliance with the GDPR is essential not only to avoid fines but also to gain customers' trust.\r\n\r\nHere are some obligations to help businesses comply with the GDPR effectively:\r\n\r\n## 1. Appoint a Data Protection Officer (DPO)\r\n\r\nThe DPO oversees the company's data protection compliance.\r\n\r\nThe GDPR requires certain businesses to appoint a Data Protection Officer (DPO) to the competent supervisory authority (CNIL for France).\r\n\r\nTo learn how to appoint a DPO on Dastra, [click here](https://doc.dastra.eu/commencer/commencer/designer-un-dpo).\r\n\r\n**Note:**\r\n\r\nThe appointment of a DPO is mandatory for:\r\n- Companies that process 'sensitive' data or data relating to criminal convictions and offenses on a large scale;\r\n- Public authorities or bodies (except for courts when acting in their judicial capacity);\r\n- Companies that, as part of their processing of personal data, carry out regular and systematic monitoring of individuals on a large scale.\r\n\r\nOutside of these three cases, it is strongly recommended to appoint a DPO.\r\n\r\nThis allows entrusting an expert with the identification and coordination of actions to be taken regarding personal data protection.\r\nThe DPO can be internal or external to the company.\r\nIt can also be a shared role 
(especially in the public sector).\r\n\r\nConsult our article on [the methods of appointing a DPO](https://www.dastra.eu/fr/guide/les-modalites-de-designation-dun-delegue-a-la-protection-des-donnees/42392) to ensure you designate the right person.\r\n\r\n## 2. Develop a data mapping of the company\r\n\r\n![image.png](https://static.dastra.eu/richtextbackoffice/2cef6c94-17dd-4b1d-add0-9e596e88b1c3/image-original.png)\r\n\r\n* **What tools store and process personal data?** Personal data is omnipresent in CRMs, email software, mailboxes, etc. It is essential to exhaustively list all the tools used, whether digital or not.\r\n\r\n* **What types of data are present in these tools?** The data can be obvious, such as the name and surname, or more subtle and indirect, such as a phone number, a customer number, a date of birth, etc. It is important to note that all information allowing the direct or indirect identification of a natural person is considered personal data according to Article 4 of the GDPR.\r\n\r\nIt is also crucial to recall that personal data includes all information relating to an identified or identifiable natural person, whether directly (e.g., name and surname) or indirectly (e.g., social security number, email address, conversation recordings).\r\n\r\nNote that even in the context of a B2B relationship, personal data exists because behind every company, there is always a natural person.\r\n\r\nIn this context, personal data can be linked to the professional email address and the identity of the natural person representing the company.\r\n\r\n## 3. 
Analyze and assess risks\r\n![image.png](https://static.dastra.eu/richtextbackoffice/2bcd213e-0ab6-43d8-9e00-ef08a96a538e/image-original.png)\r\n\r\nOnce the data is mapped, it is necessary to analyze the risks associated with its processing.\r\n\r\nThis analysis includes assessing the security of information systems, data processing processes, and data protection policies.\r\n\r\nThis step allows identifying vulnerabilities and implementing measures to mitigate them.\r\n\r\n**What elements present a compliance risk for individuals whose personal data is processed?**\r\n\r\n- **Retention period**: For example, keeping surveillance video images beyond one month may pose a problem.\r\n- **Data collection**: If you purchase email databases for commercial actions, individuals' consent may not have been properly obtained, which could result in reports to the CNIL.\r\n- **Identification of sensitive data**: For instance, if you collect information about a person's sexual orientation in a survey, appropriate security measures should be taken, such as restricted access to the results or pseudonymization.\r\n- **Subcontractors**: If you use non-GDPR compliant no-code tools from the United States, this can also be problematic.\r\n\r\nThis list is not exhaustive. Various risks may arise in the course of your activities. 
The important thing is always to consider how to reduce these risks to an acceptable level.\r\n\r\nBear in mind that when there is a high risk to individuals' rights and freedoms, it is necessary to carry out an impact assessment, known as a 'PIA' or 'DPIA'.\r\n\r\n**Did you know?**\r\nWith Dastra, you have the ability to conduct data protection impact assessments.\r\nQuickly identify targeted processing activities and easily meet the requirement to assess privacy risks.\r\n\r\nDiscover this feature by clicking the button below:\r\n\r\n{% button href='https://www.dastra.eu/fr/product-features/pia' text='Conduct a Data Protection Impact Assessment' role='button' class='btn btn-primary' target='_blank' %}\r\n\r\n## 4. Build a record of processing activities\r\n![image.png](https://static.dastra.eu/richtextbackoffice/b842f5f6-c236-4e99-89e9-53cabc59fa33/image-original.png)\r\n\r\nThe [record of processing activities](https://www.dastra.eu/fr/product-features/data-processing) is an essential document listing all processes involving personal data.\r\n\r\nThese processes include various operations such as collection, recording, use, transmission, pseudonymization, and destruction of data.\r\nEach operation on personal data is considered a processing activity.\r\n\r\nWithin the register, it is necessary to provide several pieces of information for each processing activity:\r\n\r\n1. **Purpose of data collection:** Each piece of collected data must have a specific purpose, guiding its use. If data is not used in accordance with this purpose, it is advisable to remove it from the database.\r\n\r\n2. **Legal basis for collection:** Each data collection must be authorized, whether by the consent of the individual concerned, legal obligations, contracts, or legitimate interests. The legal bases for collection are defined in Article 6 of the GDPR.\r\n\r\n3. **Data retention period:** The data retention period must be justified based on the purpose of the processing. 
The CNIL provides a reference framework to help determine this duration.\r\n\r\n4. **Persons with access to data:** It is important to identify authorized recipients with access to the data, including subcontractors. Only competent persons should have access to the data.\r\n\r\n5. **Implemented security measures:** Security measures must be implemented to ensure data protection.\r\n\r\n## 5. Develop and update privacy policies\r\nThis document is now essential! It informs your users, customers, and partners about how you manage their personal data and the measures taken to ensure its protection.\r\n\r\nPrivacy policies must be transparent and easily accessible. They should clearly explain:\r\n\r\n- The reasons for data collection;\r\n- The specifics of the processing activities performed;\r\n- The procedures for exercising their rights;\r\n- The list of subcontractors, etc.\r\n\r\nIt is important for these policies to be reviewed and updated regularly.\r\n\r\n## 6. Implement technical and organizational measures\r\nThe GDPR requires appropriate technical and organizational measures to be implemented to ensure the security of personal data. This may include the use of encryption, pseudonymization of data, enhanced computer security protocols, and processes to ensure data confidentiality, integrity, and availability.\r\n\r\n## 7. Raise awareness and train staff\r\nFor better collaboration, it is crucial to train all employees on the principles of the GDPR and good data protection practices. Each employee handles personal data in the course of their duties. Therefore, commercial, HR, marketing, legal, etc., departments must contribute to the collective effort of identifying and processing data. 
Regular training sessions can help raise awareness among employees about the risks and responsibilities associated with data processing.\r\n\r\nHere are our best tips for engaging your employees:\r\n- **Identify obstacles and training needs of the teams.**\r\n- **Organize targeted training actions for different segments of employees.**\r\n- **Monitor the progress of each team.**\r\n- **Regularly remind them of good GDPR practices**.\r\n\r\n## 8. Implement data breach management procedures\r\n![image.png](https://static.dastra.eu/richtextbackoffice/55431f0e-7a0a-428b-a175-7184277ea505/image-original.png)\r\n\r\nThe GDPR requires notifying any data breach to the competent data protection authority within 72 hours, unless the breach is unlikely to result in a risk to the rights and freedoms of individuals.\r\n\r\nIt is therefore essential to have procedures in place to detect, report, and manage data breaches.\r\n\r\nWith Dastra, manage your data breach register and improve your security.\r\n\r\n{% button href='https://www.dastra.eu/fr/product-features/data-breach' text='Manage Data Breaches' role='button' class='btn btn-primary' target='_blank' %}\r\n\r\n\r\n## 9. Facilitate the exercise of individuals' rights\r\n![image.png](https://static.dastra.eu/richtextbackoffice/de27b5ea-29f5-4b04-ab4c-b0dfd4905337/image-original.png)\r\n\r\nIndividuals have specific rights regarding their personal data, such as the right of access, rectification, erasure, and data portability. One of the key elements of the GDPR is to give individuals control over their personal information. 
For this reason, each person has specific rights regarding their personal data:\r\n\r\n- [Right of access](https://www.dastra.eu/fr/guide/droit-dacces/52264): Allows a user to know the progress of their data processing.\r\n- [Right of rectification](https://www.dastra.eu/fr/guide/droit-de-rectification/52274): Allows modification and correction of personal data.\r\n- [Right to object](https://www.dastra.eu/fr/guide/droit-dopposition/52272): Allows a person to object to the use of their data for a specific purpose.\r\n- Right to erasure or [right to be forgotten](https://www.dastra.eu/fr/guide/droit-a-loubli/52270): Enables obtaining the erasure of personal data.\r\n- [Right to restriction](https://www.dastra.eu/fr/guide/droit-a-la-limitation-du-traitement/52275): Allows temporarily stopping the use of data.\r\n- [Right to data portability](https://www.dastra.eu/fr/guide/droit-a-la-portabilite-des-donnees/52271): Allows a person to retrieve part of their data in a readable format for personal use or to transmit it to another organization.\r\n- **Right to human intervention**: Allows requesting human intervention in case of profiling.\r\n\r\nCompanies must establish procedures to enable individuals to easily exercise these rights.\r\n\r\nFor this, it is necessary to establish practical methods (online form, dedicated contacts), an effective internal process for handling requests, and a comprehensible and accessible response process for the individuals concerned.\r\n\r\nWith Dastra, automate the management of data subject requests!\r\n\r\n{% button href='https://www.dastra.eu/fr/product-features/data-subject-requests' text='Collect Data Subject Requests' role='button' class='btn btn-primary' target='_blank' %}\r\n\r\n## 10. Document compliance\r\nDocumentation is a key aspect of the GDPR. Companies must keep records of their data processing activities, risk assessments, implemented security measures, and evidence of compliance. 
This documentation may be requested by data protection authorities.\r\n\r\n{% button href='https://doc.dastra.eu/' text='Consult the Documentation' role='button' class='btn btn-primary' target='_blank' %}\r\n\r\n## Choosing a suitable GDPR tool\r\nComplying with the GDPR may seem complex, but by following these steps, you can effectively structure your approach as a company and reduce the risks of non-compliance.\r\n\r\nThe key is to make data protection a priority and integrate GDPR compliance into the company culture.\r\n\r\nAnd for that, we invite you to choose a GDPR tool adapted to your needs! Contact our experts!\r\n\r\n{% button href='https://www.dastra.eu/fr/contacts/demo' text='Request a Demo' role='button' class='btn btn-primary' target='_blank' %}","\u003Cp>The General Data Protection Regulation (GDPR) is a regulation of the European Union (EU) that aims to regulate the use of personal data of individuals and protect their rights.\u003C/p>\r\n\u003Cp>For businesses, compliance with the GDPR is essential not only to avoid fines but also to gain customers' trust.\u003C/p>\r\n\u003Cp>Here are some obligations to help businesses comply with the GDPR effectively:\u003C/p>\r\n\u003Ch2 id=\"appoint-a-data-protection-officer-dpo\">1. 
Appoint a Data Protection Officer (DPO)\u003C/h2>\r\n\u003Cp>The DPO oversees the company's data protection compliance.\u003C/p>\r\n\u003Cp>The GDPR requires certain businesses to appoint a Data Protection Officer (DPO) to the competent supervisory authority (CNIL for France).\u003C/p>\r\n\u003Cp>To learn how to appoint a DPO on Dastra, \u003Ca href=\"https://doc.dastra.eu/commencer/commencer/designer-un-dpo\">click here\u003C/a>.\u003C/p>\r\n\u003Cp>\u003Cstrong>Note:\u003C/strong>\u003C/p>\r\n\u003Cp>The appointment of a DPO is mandatory for:\u003C/p>\r\n\u003Cul>\r\n\u003Cli>Companies that process 'sensitive' data or data relating to criminal convictions and offenses on a large scale;\u003C/li>\r\n\u003Cli>Public authorities or bodies (except for courts when acting in their judicial capacity);\u003C/li>\r\n\u003Cli>Companies that, as part of their processing of personal data, carry out regular and systematic monitoring of individuals on a large scale.\u003C/li>\r\n\u003C/ul>\r\n\u003Cp>Outside of these three cases, it is strongly recommended to appoint a DPO.\u003C/p>\r\n\u003Cp>This allows entrusting an expert with the identification and coordination of actions to be taken regarding personal data protection.\r\nThe DPO can be internal or external to the company.\r\nIt can also be a shared role (especially in the public sector).\u003C/p>\r\n\u003Cp>Consult our article on \u003Ca href=\"https://www.dastra.eu/fr/guide/les-modalites-de-designation-dun-delegue-a-la-protection-des-donnees/42392\">the methods of appointing a DPO\u003C/a> to ensure you designate the right person.\u003C/p>\r\n\u003Ch2 id=\"develop-a-data-mapping-of-the-company\">2. 
Develop a data mapping of the company\u003C/h2>\r\n\u003Cp>\u003Cimg loading=\"lazy\"  src=\"https://static.dastra.eu/richtextbackoffice/2cef6c94-17dd-4b1d-add0-9e596e88b1c3/image-original.png\" alt=\"image.png\" />\u003C/p>\r\n\u003Cul>\r\n\u003Cli>\u003Cp>\u003Cstrong>What tools store and process personal data?\u003C/strong> Personal data is omnipresent in CRMs, email software, mailboxes, etc. It is essential to exhaustively list all the tools used, whether digital or not.\u003C/p>\r\n\u003C/li>\r\n\u003Cli>\u003Cp>\u003Cstrong>What types of data are present in these tools?\u003C/strong> The data can be obvious, such as the name and surname, or more subtle and indirect, such as a phone number, a customer number, a date of birth, etc. It is important to note that all information allowing the direct or indirect identification of a natural person is considered personal data according to Article 4 of the GDPR.\u003C/p>\r\n\u003C/li>\r\n\u003C/ul>\r\n\u003Cp>It is also crucial to recall that personal data includes all information relating to an identified or identifiable natural person, whether directly (e.g., name and surname) or indirectly (e.g., social security number, email address, conversation recordings).\u003C/p>\r\n\u003Cp>Note that even in the context of a B2B relationship, personal data exists because behind every company, there is always a natural person.\u003C/p>\r\n\u003Cp>In this context, personal data can be linked to the professional email address and the identity of the natural person representing the company.\u003C/p>\r\n\u003Ch2 id=\"analyze-and-assess-risks\">3. 
Analyze and assess risks\u003C/h2>\r\n\u003Cp>\u003Cimg loading=\"lazy\"  src=\"https://static.dastra.eu/richtextbackoffice/2bcd213e-0ab6-43d8-9e00-ef08a96a538e/image-original.png\" alt=\"image.png\" />\u003C/p>\r\n\u003Cp>Once the data is mapped, it is necessary to analyze the risks associated with its processing.\u003C/p>\r\n\u003Cp>This analysis includes assessing the security of information systems, data processing processes, and data protection policies.\u003C/p>\r\n\u003Cp>This step allows identifying vulnerabilities and implementing measures to mitigate them.\u003C/p>\r\n\u003Cp>\u003Cstrong>What elements present a compliance risk for individuals whose personal data is processed?\u003C/strong>\u003C/p>\r\n\u003Cul>\r\n\u003Cli>\u003Cstrong>Retention period\u003C/strong>: For example, keeping surveillance video images beyond one month may pose a problem.\u003C/li>\r\n\u003Cli>\u003Cstrong>Data collection\u003C/strong>: If you purchase email databases for commercial actions, individuals' consent may not have been properly obtained, which could result in reports to the CNIL.\u003C/li>\r\n\u003Cli>\u003Cstrong>Identification of sensitive data\u003C/strong>: For instance, if you collect information about a person's sexual orientation in a survey, appropriate security measures should be taken, such as restricted access to the results or pseudonymization.\u003C/li>\r\n\u003Cli>\u003Cstrong>Subcontractors\u003C/strong>: If you use non-GDPR compliant no-code tools from the United States, this can also be problematic.\u003C/li>\r\n\u003C/ul>\r\n\u003Cp>This list is not exhaustive. Various risks may arise in the course of your activities. 
The important thing is always to consider how to reduce these risks to an acceptable level.\u003C/p>\r\n\u003Cp>Bear in mind that when there is a high risk to individuals' rights and freedoms, it is necessary to carry out an impact assessment, known as a 'PIA' or 'DPIA'.\u003C/p>\r\n\u003Cp>\u003Cstrong>Did you know?\u003C/strong>\r\nWith Dastra, you have the ability to conduct data protection impact assessments.\r\nQuickly identify targeted processing activities and easily meet the requirement to assess privacy risks.\u003C/p>\r\n\u003Cp>Discover this feature by clicking the button below:\u003C/p>\r\n\u003Cdiv class=\"content-btn-container\">\u003Ca>\u003C/a>\u003C/div>\r\n\u003Ch2 id=\"build-a-record-of-processing-activities\">4. Build a record of processing activities\u003C/h2>\r\n\u003Cp>\u003Cimg loading=\"lazy\"  src=\"https://static.dastra.eu/richtextbackoffice/b842f5f6-c236-4e99-89e9-53cabc59fa33/image-original.png\" alt=\"image.png\" />\u003C/p>\r\n\u003Cp>The \u003Ca href=\"https://www.dastra.eu/fr/product-features/data-processing\">record of processing activities\u003C/a> is an essential document listing all processes involving personal data.\u003C/p>\r\n\u003Cp>These processes include various operations such as collection, recording, use, transmission, pseudonymization, and destruction of data.\r\nEach operation on personal data is considered a processing activity.\u003C/p>\r\n\u003Cp>Within the register, it is necessary to provide several pieces of information for each processing activity:\u003C/p>\r\n\u003Col>\r\n\u003Cli>\u003Cp>\u003Cstrong>Purpose of data collection:\u003C/strong> Each collected data must have a specific purpose, guiding its use. 
If data is not used in accordance with this purpose, it is advisable to remove it from the database.\u003C/p>\r\n\u003C/li>\r\n\u003Cli>\u003Cp>\u003Cstrong>Legal basis for collection:\u003C/strong> Each data collection must be authorized, whether by the consent of the concerned individual, legal obligations, contracts, or legitimate interests. The legal bases for collection are defined in Article 6 of the GDPR.\u003C/p>\r\n\u003C/li>\r\n\u003Cli>\u003Cp>\u003Cstrong>Data retention period:\u003C/strong> The data retention period must be justified based on the purpose of the processing. The CNIL provides a reference framework to help determine this duration.\u003C/p>\r\n\u003C/li>\r\n\u003Cli>\u003Cp>\u003Cstrong>Persons with access to data:\u003C/strong> It is important to identify authorized recipients with access to the data, including subcontractors. Only competent persons should have access to the data.\u003C/p>\r\n\u003C/li>\r\n\u003Cli>\u003Cp>\u003Cstrong>Implemented security measures:\u003C/strong> Security measures must be implemented to ensure data protection.\u003C/p>\r\n\u003C/li>\r\n\u003C/ol>\r\n\u003Ch2 id=\"develop-and-update-privacy-policies\">5. Develop and update privacy policies\u003C/h2>\r\n\u003Cp>This document is now essential! It informs your users, customers, and partners about how you manage their personal data and the measures taken to ensure its protection.\u003C/p>\r\n\u003Cp>Privacy policies must be transparent and easily accessible. They should clearly explain:\u003C/p>\r\n\u003Cul>\r\n\u003Cli>The reasons for data collection;\u003C/li>\r\n\u003Cli>The specifics of the processing activities performed;\u003C/li>\r\n\u003Cli>The procedures for exercising their rights;\u003C/li>\r\n\u003Cli>The list of subcontractors, etc.\u003C/li>\r\n\u003C/ul>\r\n\u003Cp>It is important for these policies to be reviewed and updated regularly.\u003C/p>\r\n\u003Ch2 id=\"implement-technical-and-organizational-measures\">6. 
Implement technical and organizational measures\u003C/h2>\r\n\u003Cp>The GDPR requires appropriate technical and organizational measures to be implemented to ensure the security of personal data. This may include the use of encryption, pseudonymization of data, enhanced computer security protocols, and processes to ensure data confidentiality, integrity, and availability.\u003C/p>\r\n\u003Ch2 id=\"raise-awareness-and-train-staff\">7. Raise awareness and train staff\u003C/h2>\r\n\u003Cp>For better collaboration, it is crucial to train all employees on the principles of the GDPR and good data protection practices. Each employee handles personal data in the course of their duties. Therefore, commercial, HR, marketing, legal, etc., departments must contribute to the collective effort of identifying and processing data. Regular training sessions can help raise awareness among employees about the risks and responsibilities associated with data processing.\u003C/p>\r\n\u003Cp>Here are our best tips for engaging your employees:\u003C/p>\r\n\u003Cul>\r\n\u003Cli>\u003Cstrong>Identify obstacles and training needs of the teams.\u003C/strong>\u003C/li>\r\n\u003Cli>\u003Cstrong>Organize targeted training actions for different segments of employees.\u003C/strong>\u003C/li>\r\n\u003Cli>\u003Cstrong>Monitor the progress of each team.\u003C/strong>\u003C/li>\r\n\u003Cli>\u003Cstrong>Regularly remind them of good GDPR practices\u003C/strong>.\u003C/li>\r\n\u003C/ul>\r\n\u003Ch2 id=\"implement-data-breach-management-procedures\">8. 
Implement data breach management procedures\u003C/h2>\r\n\u003Cp>\u003Cimg loading=\"lazy\"  src=\"https://static.dastra.eu/richtextbackoffice/55431f0e-7a0a-428b-a175-7184277ea505/image-original.png\" alt=\"image.png\" />\u003C/p>\r\n\u003Cp>The GDPR requires notifying any data breach to the competent data protection authority within 72 hours, unless the breach is unlikely to result in a risk to the rights and freedoms of individuals.\u003C/p>\r\n\u003Cp>It is therefore essential to have procedures in place to detect, report, and manage data breaches.\u003C/p>\r\n\u003Cp>With Dastra, manage your data breach register and improve your security.\u003C/p>\r\n\u003Cdiv class=\"content-btn-container\">\u003Ca>\u003C/a>\u003C/div>\r\n\u003Ch2 id=\"facilitate-the-exercise-of-individuals-rights\">9. Facilitate the exercise of individuals' rights\u003C/h2>\r\n\u003Cp>\u003Cimg loading=\"lazy\"  src=\"https://static.dastra.eu/richtextbackoffice/de27b5ea-29f5-4b04-ab4c-b0dfd4905337/image-original.png\" alt=\"image.png\" />\u003C/p>\r\n\u003Cp>Individuals have specific rights regarding their personal data, such as the right of access, rectification, erasure, and data portability. One of the key elements of the GDPR is to give individuals control over their personal information. 
For this reason, each person has specific rights regarding their personal data:\u003C/p>\r\n\u003Cul>\r\n\u003Cli>\u003Ca href=\"https://www.dastra.eu/fr/guide/droit-dacces/52264\">Right of access\u003C/a>: Allows a user to know the progress of their data processing.\u003C/li>\r\n\u003Cli>\u003Ca href=\"https://www.dastra.eu/fr/guide/droit-de-rectification/52274\">Right of rectification\u003C/a>: Allows modification and correction of personal data.\u003C/li>\r\n\u003Cli>\u003Ca href=\"https://www.dastra.eu/fr/guide/droit-dopposition/52272\">Right to object\u003C/a>: Allows a person to object to the use of their data for a specific purpose.\u003C/li>\r\n\u003Cli>Right to erasure or \u003Ca href=\"https://www.dastra.eu/fr/guide/droit-a-loubli/52270\">right to be forgotten\u003C/a>: Enables obtaining the erasure of personal data.\u003C/li>\r\n\u003Cli>\u003Ca href=\"https://www.dastra.eu/fr/guide/droit-a-la-limitation-du-traitement/52275\">Right to restriction\u003C/a>: Allows temporarily stopping the use of data.\u003C/li>\r\n\u003Cli>\u003Ca href=\"https://www.dastra.eu/fr/guide/droit-a-la-portabilite-des-donnees/52271\">Right to data portability\u003C/a>: Allows a person to retrieve part of their data in a readable format for personal use or to transmit it to another organization.\u003C/li>\r\n\u003Cli>\u003Cstrong>Right to human intervention\u003C/strong>: Allows requesting human intervention in case of profiling.\u003C/li>\r\n\u003C/ul>\r\n\u003Cp>Companies must establish procedures to enable individuals to easily exercise these rights.\u003C/p>\r\n\u003Cp>For this, it is necessary to establish practical methods (online form, dedicated contacts), an effective internal process for handling requests, and a comprehensible and accessible response process for the individuals concerned.\u003C/p>\r\n\u003Cp>With Dastra, automate the management of data subject requests!\u003C/p>\r\n\u003Cdiv class=\"content-btn-container\">\u003Ca>\u003C/a>\u003C/div>\r\n\u003Ch2 
id=\"document-compliance\">10. Document compliance\u003C/h2>\r\n\u003Cp>Documentation is a key aspect of the GDPR. Companies must keep records of their data processing activities, risk assessments, implemented security measures, and evidence of compliance. This documentation may be requested by data protection authorities.\u003C/p>\r\n\u003Cdiv class=\"content-btn-container\">\u003Ca>\u003C/a>\u003C/div>\r\n\u003Ch2 id=\"choosing-a-suitable-gdpr-tool\">Choosing a suitable GDPR tool\u003C/h2>\r\n\u003Cp>Complying with the GDPR may seem complex, but by following these steps, you can effectively structure your approach as a company and reduce the risks of non-compliance.\u003C/p>\r\n\u003Cp>The key is to make data protection a priority and integrate GDPR compliance into the company culture.\u003C/p>\r\n\u003Cp>And for that, we invite you to choose a GDPR tool adapted to your needs! Contact our experts!\u003C/p>\r\n\u003Cdiv class=\"content-btn-container\">\u003Ca>\u003C/a>\u003C/div>\r\n","Applying the GDPR in business - The steps","For businesses, GDPR compliance is essential not only to avoid fines, but also to gain the trust of customers.",1753,10,"Enforcing GDPR within a company",0,null,"en","enforcing-gdpr-within-a-company","For businesses, GDPR compliance is essential not only to avoid fines, but also to gain customer trust.","Published",{"id":19,"displayName":20,"avatarUrl":21,"bio":13,"blogUrl":13,"color":13,"userId":19,"creationDate":22},10458,"Marine Boquien","https://static.dastra.eu/tenant-19/avatar/10458/logo-icon-primary-150.png","2023-10-02T14:39:10","2024-07-30T06:00:00","2024-07-30T13:27:14.7055395","2024-07-30T13:40:01.1321468",{"id":27,"name":28,"description":29,"url":30,"color":31,"parentId":13,"count":13,"imageUrl":13,"parent":13,"order":12,"translations":32},2,"Blog","A list of curated articles provided by the community","blog","#28449a",[33,36,39],{"lang":34,"name":28,"description":35},"fr","Une liste d'articles rédigés par la 
communauté",{"lang":37,"name":28,"description":38},"es","Una lista de artículos escritos por la comunidad",{"lang":40,"name":28,"description":41},"de","Eine Liste von Artikeln, die von der Community verfasst wurden",[43],{"id":27,"name":28,"description":29,"url":30,"color":31,"parentId":13,"count":13,"imageUrl":13,"parent":13,"order":12,"translations":44},[45,46,47],{"lang":34,"name":28,"description":35},{"lang":37,"name":28,"description":38},{"lang":40,"name":28,"description":41},[],"https://static.dastra.eu/content/eb510687-dead-43a2-a3f0-f60d7a5f0bba/visuel-anglais-6-original.png",[51,52,53,54,55,56,57],"https://static.dastra.eu/content/eb510687-dead-43a2-a3f0-f60d7a5f0bba/visuel-anglais-6-1000.webp","https://static.dastra.eu/content/eb510687-dead-43a2-a3f0-f60d7a5f0bba/visuel-anglais-6.webp","https://static.dastra.eu/content/eb510687-dead-43a2-a3f0-f60d7a5f0bba/visuel-anglais-6-1500.webp","https://static.dastra.eu/content/eb510687-dead-43a2-a3f0-f60d7a5f0bba/visuel-anglais-6-800.webp","https://static.dastra.eu/content/eb510687-dead-43a2-a3f0-f60d7a5f0bba/visuel-anglais-6-600.webp","https://static.dastra.eu/content/eb510687-dead-43a2-a3f0-f60d7a5f0bba/visuel-anglais-6-300.webp","https://static.dastra.eu/content/eb510687-dead-43a2-a3f0-f60d7a5f0bba/visuel-anglais-6-100.webp",57778]