GDPR & Right to digital oblivion
How does it work? How do you stay in good standing with the GDPR?

What does the law say about the right to digital oblivion?

Before talking about the right to digital oblivion, we must look at the European regulation on personal data. Since May 25, 2018, new regulations on the management of personal data have applied in all French companies: the European data protection regulation, more commonly known as the GDPR. Note that the law on the right to digital oblivion is the result of this European regulation.

What is the GDPR used for?

This text strengthens the rights of individuals. It also introduces a greater responsibility for companies regarding the conditions under which personal data is collected. Companies must now request authorization from their prospects and customers in order to send them news and information. Gone are the days of sending anything and everything by email; you now need the consent of the person concerned. The company also becomes responsible for the protection of GDPR data. This is a fundamental change that concerns all forms of business structures, including VSEs and SMEs.
Also discover the scope of the GDPR for B2B.
Severe penalties in the event of non-implementation of data protection

GDPR sanctions: beware of the very heavy financial fine! The GDPR does not only strengthen the obligations that weigh on file managers. It also provides for tougher sanctions: a serious breach can bring a fine of up to 20 million euros or 4% of the company's turnover. However, the CNIL should be lenient with the first companies inspected, as long as they are modifying their operation.

How to comply with the GDPR?
First, what is personal computer data?

Personal data is information that makes it possible, by itself or when cross-referenced with other data, to identify a person either directly (name and first name, for example) or indirectly (telephone, email, postal address, photo, audio recording, fingerprints or DNA analyses). As soon as it gathers this type of information, a file is considered to be a processing of personal data and must therefore be constituted in accordance with the GDPR.

Audit of your current system for GDPR compliance

First of all, take stock of what exists in your company in order to comply. Do you have data files such as prospects and customers? Or your employee file and pay slips?
All of these files must be identified and recorded in the internal GDPR register.
More information is available in the CNIL white paper on the register to be kept.

Then appoint a data protection officer (DPO) internally

This is a recommendation from the CNIL. The same goes for the appointment of a data controller. For organizational reasons, it can obviously be the same person. This person must be mentioned in the general conditions of use of the company's website so that they can be identified quickly. He will be the internal manager of your company's sensitive data collection. He will also have the task of informing the authorities in the event of data breaches at your company.
He will have 72 hours to inform

Secondly, identify the actions to be taken

It could not be easier! All you need to do is ask yourself a few basic questions to help you make the decision. First of all, what are the needs of my company with regard to this personal data? Do you have old files in your possession that you no longer use, such as a list of prospects or an exhibitor file retrieved from a trade show …? If so, and you no longer need them, delete those files! Then check each type of information collected and ask yourself whether it needs to be processed.