Had confined itself to “examining the Safe Harbor regime without taking

Into account the internal legislation of the United States, which nevertheless prevails over this regime. As a result, companies had to set aside this regime when it was contrary to US legal requirements ”. Consequently, in a decision of October 6, 2015, known as Schrems v / Data protection commissioner , the Safe Harbor was invalidated. American law authorized the massive and generalized storage of all personal data without limitation or differentiation with Jordan Email Address regard to the objective pursued. Indeed, the interference of the American authorities was such that “the level of protection” was, in the end, only fictitious … Internal company rules (BCR) Transfers of personal data can be made between companies of the same group.

These companies can be located anywhere as long as they adopt these internal rules. Ultimately, it is an internal code of conduct adopted by all the companies in the same group. These provisions must be binding and binding on everyone. Both group entities (regardless of their location) and employees will be subject to it. This possibility is mainly intended for multinationals wishing to export data to third countries that do not ensure a sufficient level of protection.

What do you risk in the event of international transfers of illegal client-prospect files?

Article 226-22-1 of the Penal Code provides for a sanction in the event of international transfers of illegal client-prospect files. In addition, the fact of carrying out or having carried out the transfer of personal data to a state outside the European Union and in violation of the measures taken by the European Commission is punished. The penalty incurred is five years’ imprisonment and a fine of 300,000 euros. International transfers of customer-prospect files are a source of major economic challenges. In fact, most of the data is sold or exchanged. By deciding to transfer your data to third countries, you will have to check their protection system in this matter.

The General Regulation on the Protection of Personal Data , which will come into force in 2018, aims to reform this system. If you liked this article, read our article on the obligation to secure data or read our white paper on the legal aspects of lead generation. Do you want to be supported in your process of increasing your leads ? We invite you to contact our teams for more information. The next European regulation on the protection of personal data (applicable in May 2018), will extend this obligation to all data controllers (see article 33). What are the possible sanctions? The fact of generating leads without first ensuring that they are secure is penalized.

Indeed, articles 226-17 of the PC penalize the fact of not implementing

The measures prescribed in article 34 of the I&L Law. The penalty is five years imprisonment and a fine of 300,000 euros. In addition, if damage is established following a security failure, the data controller may be subject to civil liability. Indeed, article 1240 of the civil code states that “any fact whatsoever of man, which causes damage to others, obliges the person through whose fault he arrived to repair it”. Consequently, in the event of an attack on an individual’s personal data and in the event of damage, the injured party may sue the person responsible on this basis. The objective here being to obtain compensation: either damages.

The question of liability in the situation of a subcontract It may happen that a company decides to entrust certain personal data processing operations to one or more subcontractors. This term refers to any person who processes personal data on behalf of a data controller. This hypothesis is provided for in article 35 of the Data Protection Act. On the one hand, the subcontractor may only intervene on the data by order of the controller. On the other hand, the subcontractor must contractually implement all the technical and organizational measures possible to ensure optimal security of the data.

Leave a Reply

Your email address will not be published.