I’m Olivier and I’m the Managing Director of a Software-as-a-Service company based in Belgium.
In June 2016, after one glass of Chardonnay, a good friend of mine (who is also a legal advisor specializing in compliance) told me about GDPR for the very first time. She warned me that it would be tough for companies to be ready on D-Day. The final approval by the EU Parliament had occurred just a few weeks before.
I started my GDPR journey by reading all the information available on the Internet; mostly alarmist websites published by lawyers, legal counsellors and consultants who wanted to sell their services at a high price. At that point, I was wondering…
Wow… it’s going to be tough. How can I prepare my business for this new regulation?
So, I started with the official document Regulation (EU) 2016/679 of the European Parliament and of the Council. Under this lovely name, you find a complex document of 88 pages and 99 articles which is quite difficult to translate into an action plan for a small company or a small non-profit organization.
I attended many GDPR seminars, training, meetings with consultants and lawyers and found out additional key sources of information like the advice given by the Article 29 Working Party (WP29). As I dug deeper in the regulation, it became clearer and clearer:
Being ready for GDPR is not so difficult, but we have to be pragmatic in our approach.
I assembled notes and documents in Evernote and started crafting templates for the documents required while making my company ready for GDPR. I discussed our challenges with friends who are also managing small- and medium-sized businesses (SMBs) and gave them access to my notes in order to help them achieve the preparation in their business.
Some of them suggested I write a book because it would help a lot of people. This is the reason why you are reading this story today.
I hope the handbook and the templates will help you and support your implementation of GDPR in your company.