What is the GDPR?
On May 25, 2018, the General Data Protection Regulation (GDPR) will be applicable. It replaces the Data Protection Act (1978 and 2004). In fact, many reporting formalities to the CNIL will disappear. In return, agency accountability will be strengthened. They will have to ensure optimal data protection at all times and be able to demonstrate this by documenting their compliance (Source CNIL).
The GDPR is a European regulation that aims to reinforce the protection of personal data*: that of a company's employees, customers and suppliers. Personal data collected on a website, for example via a contact form, is therefore covered.
Citizens' rights are at the heart of this regulation and are strengthened (right of access, rectification, right of portability, withdrawal of consent).
All companies, public bodies and communities are affected by this regulation.
Warning: Companies will have to protect the personal data they hold. In the event of an incident, the company will be obliged to report the intrusion, theft or loss of data within 72 hours or face a fine of up to 4% of annual turnover or €20M.
*Definition of personal data: Personal data is any information relating to a natural person who is identified or can be identified, directly or indirectly, by reference to an identification number or to one or more elements that are specific to him. To determine whether a person is identifiable, it is necessary to consider all the means of identification available or accessible to the controller or any other person.
How to prepare for the GDPR?
On its website, the CNIL has summarized the six steps to GDPR compliance:
- Appoint a DPO (Data Protection Officer) or, failing that, a data controller. As a privileged interlocutor, his tasks will be to inform, advise and control data protection.
- Map your personal data processing
- Prioritize the actions to be taken to be in compliance
- Manage risks
- Organize internal processes
- Document compliance
Anaximandre is GDPR compliant, having mapped its data flows and drawn up its data register. For information, our DPO is Stéphane PERON, Developer.
If you would like more information and advice on how to make your company or organization compliant, do not hesitate to contact us.