
Personal data management - 4 major goals:

In terms of personal data management, the General Data Protection Regulation (GDPR) sets 4 major goals:

  • enhanced data control: the rights of European citizens are strengthened by giving them more control over the provision of their personal data;
  • harmonization: the legal framework is unified for public and private bodies that process personal data;
  • proof: compliance with the requirements of the regulations must be proven;
  • sanctions: the obligations and the risk of sanctions are reinforced.


The GDPR in practice

The GDPR is applied through 4 concrete pillars:

  • User consent: it must be explicit and obtained from the user before any use of personal data;
  • The transparency and lawfulness of the processing of personal data;
  • Data protection from the design stage of the processing, also known as “Privacy by design”;
  • Access and portability: it must be possible to retrieve the data and communicate it to a third party;
  • The possibility of rectification and erasure of data at the request of the person;
  • Compliance of subcontractors with regulations.


GDPR - The function of Data Protection Officer

The Data Protection Officer (DPO) is a new function within companies that have to process the personal data of individuals. It replaces the Information Technology and Liberties correspondent.

The DPO is thus the main point of contact for the National Commission for Information Technology and Liberties (CNIL).
He is responsible in particular for:

  • mapping the processing of personal data;
  • analyzing the level of compliance and the level of risk;
  • building a compliance action plan;
  • helping the data controller to implement the action plan;
  • training employees and maintaining compliance over time;
  • responding to requests from data subjects;
  • formulating opinions on all issues relating to the protection of personal data.


The SINOUÉ Group and the GDPR

The SINOUÉ Group has chosen to appoint an internal Data Protection Officer (DPO). An internal DPO has the advantage of daily proximity and overall visibility, which make him easier to identify and to involve in data protection issues. He will also be able to lead a network of designated referents for each establishment.
In addition, a good knowledge of the environment and internal organization allows him to quickly identify the right people to contact.
Considering the necessary skills in risk management and mastery of evaluation techniques, combined with expertise and the capacity to judge with full objectivity and independence, with probity and discretion, the SINOUÉ Group decided to appoint as DPO the coordinator for the management of risks associated with care (dpo@sinoue.com).
The DPO relies on a steering committee for strategy and decision-making, as well as on a network of referents in each establishment for the operational implementation of compliance measures.
These measures are based in particular on the establishment of various registers, the inventory and analysis of processing operations, the performance of audits, the formalization of impact analyses, and training and awareness-raising actions.
Maintaining compliance over time is a guarantee for the protection of the privacy of patients, users, collaborators and employees through the data they entrust to us.