GDPR process descriptions for consumer rights
THE REQUEST
Upon the introduction of new GDPR legislation on 25 May 2018, consumers will enjoy new rights with respect to the use of their personal data. In response to requests made by consumers to exercise these rights, the relevant processes have to be set up and documented.
OUR APPROACH
I started by making an inventory of consumers’ rights and possible requests they might have. A great deal of information can be found about this online, but the privacy statement and privacy policy of consumers play key roles. Based on my inventory, and in collaboration with the client, I identified the processes and systems that are currently involved. Wherever necessary, system adjustments were defined and discussed with software providers, business partners and internal scrum teams. For the complete coordination of all the requests, we decided to set up a dedicated coordination desk, the arrangement of which was particularly important because it had to correctly process all these requests. The processes that were currently in place were not efficient enough to carry out the requests. For this reason I defined a new process for every type of request, seen from the perspective of the new coordination desk. Wherever possible, existing processes were included as sub-processes.
Given that the employees and the management had many questions about the new legislation, it was important to ensure they didn’t stall in their efforts to comply with it. Wherever this seemed likely to happen, I ensured that at least a basic framework was in place, thanks to the use of examples and proposals. Details could then be filled in more easily at a later stage.
THE RESULT
As was previously agreed, by the end of the assignment we delivered all new process descriptions, which were then documented in the client’s business processes modelling tool. Thanks to these documented process descriptions, the client is now in a position to deal with incoming requests about privacy. The coordination desk has been set up and is ready to process incoming requests as soon as they start arriving. The client, meanwhile, can comply fully with this part of the GDPR.
WHAT OPPORTUNITIES DO YOU SEE?
We’d like to hear from you.
Call us on 020 – 226 01 10 or send an e-mail to info@itds.nl.
WHAT CLIENTS SAY
RELATED cases
Show all casesRELATED SERVICES
Show all servicesLegislation and Regulation
The Dutch and European authorities come with new regulations that you have to comply with every year. We all embrace the motives for this: privacy, comfort, transparency. But the implementation of these regulations has consequences for your operation, from administration to reporting. Above all it takes time and energy to keep your knowledge up to date on the changes and their implications. This all imposes a heavy load on your organisation. But we prefer to see it as an opportunity to make your organisation ready for a transparent and client focused future. Our experts deal with these challenges every day. Together with you, they will quickly determine the impact of new laws and regulations so that you can quickly return to focussing on innovation and development.
read moreGeneral data protection regulation (GDPR)
We map all your processes and systems with our GDPR Assessment, then we determine where privacy sensitive data is present and add them to the requirements of the GDPR. Within four weeks, you know where you stand – and what you have to do. We can also assist you with implementation, whether it be drafting editing agreements, setting up a data registry, performing PIAs or mapping and realizing system adjustments: our GDPR Support Team is waiting for you.
read morePayment Service Directive 2 (PSD2)
PSD2 makes it possible to share account information with other companies and you can also let other companies make payments. The purpose of the directive is to make payments easier and safer. It also brings new rules with it for authentication and detecting fraud. Food for thought. What does it mean to you as a bank if someone like Apple develops a successful banking app? And will your role change if Amazon can make payments? We would like to share the consequences with you. From technical consequences to communication with the account holder.
read more