Make your municipality GDPR-compliant: 3 to dos

A large number of administrative actions ensue from the General Data Protection Regulation (in Dutch AVG, in English GDPR) your organisation is still resisting and time is running out. Organisations must bring their operations in line with the GDP before 25 May 2018.

You have undoubtedly already taken the necessary steps to improve data protection within your municipality. But perhaps this is not enough for compliance with the GDPR. How can you be sure that you are meeting all the requirements? Keeping an overview is important in this respect. In this blog we provide a clear picture of the steps you need to take in order to be ready for the new law.

Phased Plan


Start by putting together the right team. The ideal core team consists of a lawyer, a privacy expert and an IT professional. They involve the responsible managers and content specialists in each department.

1. Gaining insight

Map all data flows. As there can be a lot of these, it is sensible to start with the most important or most sensitive data streams. This provides insight into the structure and infra systems of the municipality. Questions you have to ask in this context include:
  • What data are we collecting, at which location?
  • Where and how do we store these data?
  • Who receives or has access to these data?

This enables you to gain insight into the infrastructure and systems of your organisation.

2. Determine the impact on the organisation

In order to properly assess the impact of these data streams, and therefore the risk associated with them, you first need to know how sensitive the data are. Every municipality processes large quantities of privacy-sensitive data. You are required to log these data in a processing register. This forces you to think about what personal data you store, their purpose, retention period and security. If you set up the processing register in accordance with the guidelines, you fulfil the obligation to register within the GDPR.

When all data flows, including the impact of the data, have been mapped, the team checks them against the GDPR by means of a gap analysis. You compare the current situation with the desired situation. This results in measures to fill the gaps. In some cases, internal guidelines are already available for this, which you can update. In other cases it is necessary to draw up new rules.

3. Forming and maintaining policy

The register and the gap analysis form the basis for drawing up additional policy. Based on the register, you draw up a privacy policy for both external stakeholders and your own employees. You make this policy available to everyone involved. The policy is intended to inform the parties concerned in advance about the personal data that you collect, and to inform them of their rights. Municipalities usually include the internal privacy policy in the internal regulations, and make it available on the intranet. This makes it easy for employees to consult them.

In order to ensure that employees comply with the rules in the privacy policy, it is necessary that the privacy rules come alive for them. They must become part of day-to-day practice. A data protection officer supervises compliance with the GDPR. A municipality is obliged to appoint such an internal privacy supervisor. Repeated training is also required for all employees who work with personal data. If you make them aware of the possible privacy risks of their work and combine this with a secure design of applications, secure communication flows and the use of secure tools, you will have taken major steps towards achieving a GDPR-compliant municipality.

 

GDPR Checklist

Our GDPR Checklist contains the necessary steps towards GDPR compliance. It addresses in greater detail the drafting of a processing agreement, obtaining permission for the processing of personal data, the security measures to be taken and the obligation to report data leaks.

GO TO THE GDPR CHECKLIST

RELATED
5_practical_tips_to_securely_share_personal_data_zivver_blog_en-1

5 practical tips to securely share personal data

Tip 1: Make sure the policy is clear What information do you need to send securely? Through which channel and with what security? Employees want to do things the right way, but don’t want to have to reinvent the wheel per situation. They have other things to tend to! So give them a clear overview of all the types of information your organization shares. Add a roadmap […]

Read more
All_it_takes_is_one_human_error_to_compromise_your_organizations_reputation_blog_zivver

All it takes is one human error to compromise your organization's reputation

Professionals understand the value of their companies' reputation. Firms with a powerful and positive reputation attract better employees, partners, and clients. They're regarded as offering additional value, which usually allows them to impose a premium. Customers tend to be more dedicated and purchase broader ranges of services and products. As the industry believes […]

Read more
All_it_takes_is_one_human_error_to_compromise_your_organizations_reputation_blog_zivver

All it takes is one human error to compromise your organization's reputation

Professionals understand the value of their companies' reputation. Firms with a powerful and positive reputation attract better employees, partners, and clients. They're regarded as offering additional value, which usually allows them to impose a premium. Customers tend to be more dedicated and purchase broader ranges of services and products. As the industry believes […]

Read more
The User Representatives - Always here to help you!

The User Representatives - Always here to help you!

  At ZIVVER the success of our customers is paramount! For that reason, we have a dedicated Customer Success team to help our customers maximize their value from our product. Part of the Customer Success team are the User Representatives. Their ultimate goal is to create happy ZIVVER users, by solving all issues, providing information and representing their voice […]

Read more
gdpr_it’s_gonna_be_fines_zivver_en_blog

GDPR: IT’S GONNA BE FINES!

With the inception of the GDPR in May 2018, several companies and their offices were not, and many are still not ready to be compliant with the enhanced European privacy rules and were scared for the potential high penalty payments. This fear was not without grounds. […]

Read more
Introducing-open-conversation-starters-A powerful-new-feature-live on ZIVVERs-platform-blog-eng

Introducing open conversation starters! A powerful new feature from ZIVVER.

One of ZIVVER's most convenient and unique features is the conversation starter. It allows people who don't have an account (guest users) to take the initiative for a conversation with a ZIVVER user, in the same secure email environment. It protects both senders and recipients from possible data leaks caused by guest users. […]

Read more