Given the increasing risks associated with your activity, your town hall must integrate the GDPR and ePrivacy Directive. Stay calm, because the trend is towards pooling resources: the Data Protection Officer and IT tools. And to manage your website’s compliance, act online as you would in real life. We’ll tell you everything.
Why is GDPR compliance for your town hall essential?
Let’s not kid ourselves; the public sector has been slow to catch up. Despite the entry into force of the GDPR in 2018, many municipalities still need to comply.
In 2021, the issue must therefore become a priority:
- Because the CNIL is currently supporting the compliance of local authorities. Consequently, it issued a good practice guide in 2019 before signing a partnership charter with the Association of Mayors of France and Presidents of Intercommunalities.
- Because local authorities are now a prime target for hackers. Civil status, health data… your databases can be sensitive. This is why examples of municipalities being attacked by ransomware are multiplying.
- Because with the digitalization of practices, your IT park is growing, which increases the risk. Not to mention cities that are seduced by technologies such as facial recognition…
- Because the management of the pandemic has forced local authorities to create new data processing activities with a high level of sensitivity.
GDPR – A shared DPO is the solution
Designating a Data Protection Officer (DPO) is mandatory for all local authorities.
The DPO acts as a referent, a Swiss Army knife in protecting personal data. They will provide the necessary impetus to launch your GDPR compliance project.
And it’s essential. The heart of your activities is based on processing data from your citizens. Therefore, your staff must be adequately trained and embrace a Privacy-by-design approach.
However, this has a high cost for tiny municipalities. Fortunately, no one is forcing you to hire a full-time DPO!
On the contrary, you can benefit from the services of a shared DPO between several municipalities. This ensures expertise close to your issues without paying a high price.
IT security – together, we are stronger.
Decentralization also applies to data.
Data can therefore be scattered and duplicated across the information systems of various municipalities in France, with a substantial risk in terms of computer security.
Even if your small municipality is not very computerized, its data protection issues are not negligible:
- Excel and Word files are commonplace in many entities, scattered all over the staff’s workstations without an adequate security policy.
- A municipality holds significant volumes of paper archives… but has a strict security policy been defined for access to your premises?
The lack of resources makes it impossible to acquire licenses to take advantage of state-of-the-art tools.
Unless these IT resources are shared, for example at the level of inter-municipal communities or agglomerations. Think about it.
Managing online relationships is like real life.
Managing cookies, reviewing online forms and privacy policies, IT security… It’s not a tremendous job. Just avoid doing online what you prohibit in your municipality:
- Do you accept intrusive advertising banners in your municipality? The uncontrolled distribution of flyers? Yet, installing free tools such as Google Analytics on your site allows advertising players to deposit cookies and collect data from your users.
- Your data is undoubtedly kept in secure locations. The location where your site’s database is hosted is also crucial. How would you react if you learned it is stored on a public cloud and on servers in India?
- In general, you keep your constituents’ paper documents to yourself. That’s good. But if your website is poorly secured, it’s like letting hackers sneak into your premises through the window and steal everything.
- No one forces you to fill out a form as soon as you enter the lobby of your municipality. In that case, why does a banner on your website ask users to accept the deposit of cookies as soon as the site is loaded? Some solutions allow the banner’s display to be delayed, which is less aggressive for the user experience.
How to efficiently manage GDPR compliance for your website?
Simplify your life to the maximum.
- To manage the cookie issue, rely on a proven solution. For example, the Axeptio module takes care of this issue innovatively. You will offer a pleasant experience through which your constituents will learn about the cookies you use and decide whether or not to accept them.
- Stop using Google Analytics, and look for more privacy-respecting alternatives better suited to your limited needs.
- Similarly, be careful with plugins and modules provided by US players. Since the invalidation of the Privacy Shield, transferring personal data to the United States is not trivial, especially for a municipality. Think about it and favor European solutions.
Conclusion: GDPR compliance for a municipality made easy
Don’t panic. GDPR compliance is a manageable project for a small or medium-sized community.
Today, you can rely on easy-to-use tools that handle some repetitive tasks. This is particularly the case for cookies.