What is the GDPR (General Data Protection Regulation)?
GDPR is the General Data Protection Regulation, a new European regulation that went into effect on May 25, 2018.
The GDPR consolidates Law No. 78-17 of January 6, 1978 on data processing, files and freedoms, which is in force in France. It develops the rights of citizens by giving them more control over their data, and supports the obligations of all companies.
Its objective is to fight against the risks impacting the privacy of users.
Which companies are affected by the GDPR?
All companies responsible for processing personal data are affected by the GDPR. Any information that can identify a person is considered personal data: name, address, date of birth, location, IP address... As soon as a company stores this data (whether in the form of a file, table, etc.), it is affected.
• Request explicit consent from the end user for the collection of data.
• Companies must allow users the portability of personal data.
• Appoint a Data Protection Officer (DPO).
• Allow users to delete their data.
• Inform users of the processes used in the context of this regulation.
Complex compliance via internal processes
• Definition of "personal data": customers, prospects, suppliers, employees.
• In the event of data leaks, companies will have to notify injured third parties by registered letter with acknowledgment of receipt.
• Notify the competent authority (the CNIL in France) quickly, ideally within 72 hours.
The regulation extends the CNIL's power to impose sanctions. It will now be able to impose fines of up to 20 million euros or 4% of the worldwide turnover of the company concerned.