We had been conducting a service to audit our GDPR compliance.

And this is a brief summary of topics related to situations and processes

• There is a folder in our GDRIVE with all materials: [link]
• In that folder there are three important groups of information:
  • Cláusulas y contratos: that includes all sorts of materials to be used when needed. This folder informs about how to use data and held others for the use. Use cases for hiring, external collabs., new members, etc.
  • Procedimientos: guides and procedures to follow when there are leaks of information, hiring process, etc.
  • Informe + inventario de sistemas: central documents with an audit of our systems.

What to have in mind in this situation:

• Hiring:
  • Please read the procedure for Selección y Contratación de Personal on the folder. (Everybody involved in hiring must do this)
• Working with an external collaborator:
  • Make them sign our agreements for external collaborators. (Everybody working with external collabs. must do this)
  • Store those agreements in the folder: [link].
• For a customer asking for access to their data:
  • Check the Ejercicio y Atención de Derechos procedure.
• If a data breach has occurred:
  • We are forced to react in less than 72 hours, please communicate with the Operations Manager and Partner Success Manager.

Any questions, please ask Operations or communicate with our law firm advising on this, always CC'ing the Exec Manager.