Are you compliant with the rules imposed by the GDPR?
The 25 May deadline is approaching.
The GDPR (General Data Protection Regulation) is a new European regulation which introduces a number of measures to define the legal framework for the protection of personal data within the European Union. Its purpose is to strengthen EU citizens’ rights and give them more control over their personal data.
Who is affected?
This regulation applies to all businesses that collect and process their customers’ data: multinational companies, but also SMEs and artisans who hold a customer database.
What is the principle?
The main point is the principle of consent for the collection and storage of data, a concept specific to European law. Citizens are the owners of their personal data, so companies, in particular the American giants (Facebook, Google, Apple, Amazon, Microsoft and their partners), can no longer rely on presumed consent to justify using data belonging to their customers and users.
What does the GDPR actually stipulate?
From now on, businesses will have to provide precise details of their practices for collecting and storing personal data. Users will have access to more details on the processing of their data. For the sake of transparency, this information must also be set out clearly and accurately.
The obligations of businesses
Although the GDPR simplifies the administrative formalities overall, it still imposes a number of restrictions on businesses:
- Data protection by design compliance
- Security by default obligation
- Documentation obligation
- Impact study before implementing certain forms of processing
- Obligation to appoint a "Data Protection Officer", who is responsible for the resources the business deploys to comply
What to do if an incident occurs that affects customer data
Any incident that may have compromised the integrity of customer data held by the business must be officially declared to the CNIL within 72 hours. This declaration is the responsibility of the Data Protection Officer designated by the business.
What are the penalties in case of an infringement?
The legislator has put in place a wide range of administrative penalties for non-compliance with the regulation, ranging from a simple warning to fines of up to 20 million euros or 4% of the global turnover of the business, the latter applying to infringements of the rules on consent or to transfers of personal data outside the European Union.
Source : www.01net.com
The solutions proposed by ArtWhere
Analysis of your site in order to make a tailored offer
Setting up HTTPS certification
Setting up a two-step verification process
GDPR Conditions and Cookies policy
Setting up a centralised database
Cookies consent banner
Our cookies consent banner remains displayed until the user clicks on ‘I understand’ or on ‘Modify’, which opens the cookies management menu.
Cookies management menu
Our cookies management menu lets the user choose which cookies they accept. In some cases, the user may be redirected to the supplier’s website to deactivate the cookies, as with ‘AddThis’ for example.