All blogposts

One year on: update on GDPR compliance at VO by Véra

01 July 2019
VO GDPR

One year on from the introduction of the General Data Protection Regulation, or GDPR for short, VO Group gives you the low-down on all the actions it has taken to protect and respect its clients’ personal data.

Respecting personal data is an ongoing process

Here at VO, a series of measures was put in place before the 25 May 2018 deadline, including:

  • Making all of the group's websites compliant
  • Sending all of our clients and prospects our privacy policy, which can also be found on all of the group’s websites. This policy outlines the types of personal data we process, where it is stored, why we collect it, and what rights people have over this personal data
  • Setting up a dedicated email address within each entity to answer questions

It is constantly on our team members’ minds

Since 25 May 2018, we have taken actions such as:

  • Creating a “processing register”, a document that lists all of the types of personal data we process (employees, accounting, marketing, etc.) and the purpose of the processing
  • Implementing technical security measures, in particular IT measures
  • Taking other organisational security measures, with a particular focus on the human side of things by running information sessions to raise awareness within the group and by distributing our privacy policy. In tandem, we have drawn up documents aimed at team members and published a list of “best practices” on the group’s intranet site

Different actions have cropped up in different agencies

  • Voice has focused on managing personal data in digital projects, including data collected via social media. “When a user visits the Voice website, their personal data is only captured if they accept cookies,” explains data manager Hubert Canart
  • At events agency VO Com, everything to do with managing registration and taking photos and videos at events is now subject to strict GDPR-compliant processing. The same is true for all marketing towards minors (the digital age of consent in Belgium is 13)
  • At the Brussels Drohme Golf Club, special emphasis has been placed on managing members’ personal data

All of this is taking place within the specific context of VO

In a nutshell:

  • No entity processes sensitive data concerning minors, health, sexual orientation, political opinion, finances, etc.
  • There is a data manager to answer questions from both team members and the public
  • We also work directly with clients by signing data processing agreements

In conclusion, respecting the fundamental principles of GDPR is a key concern at VO and we are proud, one year on from the enforcement of GDPR, to be on the right track.