The processing of personal data is an operation that has become increasingly important over the years, especially with the evolution of technology. Essential for many companies for technical and economic reasons, the collection, modification or use of such personal data can, however, undermine the fundamental rights and freedoms of individuals if it is not properly regulated. This is where the GDPR comes in.
The GDPR: What is it about?
The GDPR hardly needs a definition, as the expansion of the acronym is quite explicit: General Data Protection Regulation. This is a mandatory text, published by the European Union on 25 May 2018, establishing the responsibility of companies for their personal data processing work. The aim of this regulation is to better protect citizens and to better guarantee their right to privacy. A company whose actions do not comply with the GDPR is exposed to heavy financial penalties. The CNIL, or National Commission for Information Technology and Civil Liberties, monitors this compliance.
How do you know if your company is in compliance with the GDPR?
Certain points must be observed for a company to be in compliance with the GDPR. The first concerns the way in which data is collected. This collection must be fair, lawful and proportionate. All individuals concerned must be explicitly informed about the processing of their personal data and the purposes of the processing must be determined, lawful, relevant and limited to what is strictly necessary. Furthermore, certain individual rights enshrined in the text must be respected, in particular the right of access to the information collected and transparency, the right to be forgotten, the right to informed consent, etc. Last but not least, each company must keep documentation of compliance, tracing all the measures it has undertaken in the context of its data processing activities.
What are the obligations on business managers?
With the entry into force of this regulation, employers have data protection obligations not only towards consumers, but also towards their employees and partners. To this end, they have an obligation to carry out an impact study: they must consult their employees before any data processing within the company and must ensure that all the tools used in their companies respect those employees' privacy.