As part of your activity, you will have to generate a large number of leads. You will then find yourself in possession of various information concerning your customers or future customers. The question of data security will then arise. Improper use of this information can lead to breaches of the privacy or even the integrity of the person concerned. This is why the Data Protection Act of 1978 imposes on the manager an obligation to secure the data that he will have to process. In particular, it will be the responsibility of the manager to carry out impact studies in order to determine adequate protection for the leads. What exactly do we mean by “security obligation”? When does it apply? What are the consequences of this obligation?

Why such an obligation?

By generating leads you collect and store personal data of individuals. Any risk of hacking or unauthorized disclosure can adversely affect their daily lives, their privacy or their reputation. Your business must act in advance and ask the following questions: What will be the consequences for the privacy of the data subject in the event of illegitimate access to their data? In case of disappearance? In case of alteration? It will have to measure the plausible seriousness of each of these situations in order to define adequate protection measures. The data controller must do everything to ensure the security of the data in his possession.

In the event of a breach, the company must demonstrate that it had done everything to avoid it. No one is immune to a previously unknown hacking method. On the other hand, if the person in charge had not carried out a security update although it was available, he will face prosecution …

What does the law say about data security?

Article 34 of the Data Protection Act provides that “the controller is required to take all necessary precautions with regard to the nature of the data and the risks presented by the processing” to ensure their security. Thus, the person who collects personal data must do everything to ensure that they are not distorted or damaged and that third parties do not have access to them without authorization.

This obligation is a prerequisite for any lead generation! You should not start collecting data without being sure that you can guarantee its security! This may involve prior checking, for example, of the computer hardware and software that will receive this data.

What about European regulations?

Directive 95/46/EC takes up this security requirement. Its Article 17 states that “Member States provide that the controller must implement the appropriate technical and organizational measures to protect personal data”. Personal data must not be destroyed accidentally or intentionally, nor lost, altered or even disseminated.

In practice, how do you secure your data?

The National Commission for Informatics and Freedoms (CNIL) has issued a number of recommendations in terms of data security. You can access them on its website. You will find there, in the form of themes, the various key measures to be adopted in this area.

What are you risking in the event of failure?

What is the difference between a vulnerability and a security breach?

Article 34 bis of the Law defines a personal data breach as “any breach of security resulting in accidental or unlawful destruction, loss, alteration, disclosure or unauthorized access to personal data.” A security vulnerability, on the other hand, does not necessarily lead to a data breach. Indeed, the flaw corresponds to a defect that can be corrected. Therefore, if the maintainer fixes the flaw in time, before it can be exploited, then he can prevent the security breach.

How to react in case of failure?

When a security breach is observed, the person in charge must inform the CNIL without delay. This obligation to notify security breaches is provided for in Article 34 bis of the Data Protection Act.

If this violation risks invading the privacy of the individual, the person in charge should inform that individual as well. In addition to this mandatory notification, the person in charge must do everything to put an end to the violation.

Note: For the moment, this notification obligation only concerns “providers of electronic communications services to the public”. No legal provision defines this expression. However, it is customarily understood to cover internet service providers as well as telecom operators.
