What is the GDPR?

The 2 main principles of the General Data Protection Regulation (GDPR).


Whether you are a company manager or a marketer, you have surely heard about this new legislation. It was adopted by the European Parliament in 2016; it will apply throughout the European territory and to every company working in Europe or with a European company. It will come into force on May 25, 2018.

The purpose of this new regulation is to impose new practices on professionals and individuals on the web, so that every individual can control and protect the personal data that is scattered while browsing websites.

If we had to summarize the 2 main principles of the General Data Protection Regulation (GDPR), they are:

  • Respect for privacy;

  • Protection of people's data.


In practice, there is a legal aspect and a security aspect.

  • The legal aspect

All companies must be able to prove that they are compliant and that they only work with companies that are themselves compliant with the GDPR. There is therefore a physical impact on the premises as well as on the way of working, which must change in order to be compliant.

  • The security aspect

The data security policy is an important aspect of RGPD (GDPR) compliance. The company must take the organizational and technical measures needed to ensure the highest level of security for the personal data it manages.

In addition, it is a question of guaranteeing the integrity of the information system, its availability and its resilience in the event of an incident. Companies must be able at all times to prove that they comply with the legislation. As with quality management systems, it is up to companies to document their compliance with the GDPR.

As such, they must maintain the processing register and any other document proving their compliance:

  • The register of PIAs;

  • A detailed document on security policy;

  • A document explaining the internal process;

  • As well as proof of consent.


What is personal data?

According to the definition itself, personal data is any data that can directly or indirectly identify an individual:

  • Directly, a user can be identified by:

    • His name;

    • His first name;

    • His email address;

    • His telephone number;

    • Any type of demographic data (age, sex, interests, etc.);

    • And geographic data (home, workplace, location, etc.).

  • Indirectly, a user can be identified by:

    • His IP address;

    • His behavioral data (actions conducted on a website, such as visits or clicks);

    • Even data shared on his own initiative, such as an uploaded photo or a like, is also included in this definition.


What are the penalties?

Prior to the implementation of the GDPR, there were penalties for companies that did not pay sufficient attention to the personal data of the general public.

In 2017, the company Web Editions was fined €25,000 for personal data that was accessible by changing the URL on the websites it managed.

In the same vein, the CNIL imposed a fine of €100,000 on Darty.

But the GDPR drastically changes and strengthens all the sanctions already in place. They are expected to reach up to 4% of the turnover of the company concerned and/or up to 20 million euros.
