_edited.png)
GDPR compliance for SPSTI
SPSTIs and the GDPR: what are the issues?
The field of occupational health and safety has been undergoing constant and rapid change for several years now. Since the strengthening of the prevention aspect, one law after another has been passed to develop practices that protect workers' health.
These regulations, of which the certification requirement is the most recent layer in the jigsaw, place increasing emphasis on data protection and compliance with the GDPR, which is perfectly logical given the recent use of NIS by SPSTIs, the opening up of their access to the DMP, etc.
In this context, compliance is taking on a central role in the movements underway, and is becoming an essential condition for each SPSTI to be able to sustain its activity over the coming years.
Specific support arrangements
Our team takes a number of specific aspects into account when assisting SPSTIs with compliance, or taking on the role of outsourced DPO (including a support component):
-
The administrative teams have little time to spare, as they are busy with the workload involved in the above-mentioned changes.
-
Medical teams have little time to spare, impacted by the severe lack of medical resources felt by all the SPSTIs without exception.
-
The specific nature of the relationship between the SPSTI and its users, who are companies that are members of an association, must be taken into account in communications with the various stakeholders.
-
Support for the certification project, and for maintaining it, must be proactive.
-
Awareness-raising on the subject of data protection should be offered to both the management and the Board of Directors.
The outsourced timeshare DPO for a SPSTI
The Data Protection Officer (DPO) is responsible for managing the organisation's compliance with the GDPR and ensuring that it is maintained over time.
A timeshare DPO has the particularity of sharing his or her working time with several organisations. This flexible service allows you to call on the services of an expert DPO when you need them (from 1/2 day per month), and to pay only for the time actually worked by our teams.
This service includes :
-
Information, support and advice for the organisation.
-
Checking the compliance of data processing carried out, as well as overall compliance with the GDPR in terms of personal data protection.
-
Training and awareness-raising for employees and management teams.
-
Point of contact with the supervisory authority (CNIL).
-
Maintaining the organisation's data processing register, as well as other necessary registers (register of subcontractors, register of exercises of Data Protection Rights, etc.).
-
Organising internal procedures and responding to requests from your users and/or customers to exercise their Data Protection rights.
Why choose us?
-
For our excellent understanding of healthcare.
-
For our ease of communication with doctors.
-
This service is managed by David Rozier, a senior DPO who has worked for Grenoble Alpes University Hospital.
-
Because we already work with several SPSTIs.
-
For the close collaboration between our GDPR compliance experts and our cybersecurity experts.
Are you an SPSTI and need to work on your regulatory compliance with the GDPR?
THE USECASE
Find out more about our GDPR compliance services for SPSTIs in this customer case study. It consists of a customer case study sheet, a business sector presentation sheet and a product sheet for the associated service!
​
Would you like to read this content in English? Just click here!
WHAT THEY SAY
Discover the testimonies of some of our clients (all are SPSTIs) regarding our outsourced DPO service on a time-sharing basis.
Frédérique Guede, Head of operational organisation at PST38
"I'm not sure if the offer that is made exists with other providers [...]. It is a complete handling that I have not found elsewhere [...]. Mr Rozier knows how to put us at ease, how to listen to us in order to understand our problems, the way we work, the specificity of our service, so as to respond to us in the best possible way, and so as to enable us to continue to work efficiently."
