Retail: Mandatory data protection compliance before May 25, 2018!

Did you know? The GDPR (General Data Protection Regulation) comes into force on May 25, 2018. In other words, a new regulation on the protection of personal data will soon be in place and we will have to deal with it. This regulation must be complied with and implemented before May 25, 2018 by every company that uses the personal data of its customers. That obviously includes all retailers who are moving towards digitizing their physical spaces.

Objectives of the General Data Protection Regulation

The purpose of this regulation is to strengthen and, above all, to unify all the rules relating to the protection of personal data, and to do so over a broad scope, since the regulation applies throughout the European Union. It addresses various issues, such as the confidentiality of personal data and the collection of good-quality data. These almost ethical questions should already have been addressed a few years ago, in step with technological developments.

The main purpose of this law is therefore precisely to protect the personal data of citizens of the European Union.

What is personal data? Personal data is any type of information relating to an individual and connected to their private, public or professional life. In other words, personal data may be: a name, a photo, bank details, an address, information published on social networks or on the web, an IP address, interests, etc.

In addition, with this new regulation, a data protection officer becomes mandatory in all companies working with sensitive data. The role of this officer is to ensure regular and systematic monitoring of the data collection process. The officer must also advise and, above all, inform the retailer as well as the employees and other members of the company of the various obligations arising from the regulation. This officer is responsible for the correct application of the regulation and must therefore check that all of its requirements are respected.

“Privacy by design” and “privacy by default”

The Data Protection Regulation provides two types of privacy protection. The first is "privacy by design", which obliges companies to build the protection of personal data into a project from the very beginning, at the design stage. The second is "privacy by default", which consists of "technical and organizational measures to ensure that only the personal data necessary for each specific purpose of the processing are used" (source: Privacyvox).

Thus, the (increasing number of) companies working with customer data have a great deal of compliance work to do in order to meet the requirements of this new regulation before 2018.

6 CNIL steps to comply with the new 2018 regulations


More information to comply with the 2018 regulations

Strong penalties in the event of non-compliance with the 2018 European regulations

The CNIL indicates that strong administrative sanctions will apply in the event of non-compliance with the regulation. According to the CNIL, the data protection authorities will be able to:

  • Give a warning,
  • Put the company on notice,
  • Temporarily or permanently limit processing,
  • Suspend data flows,
  • Order the company to satisfy requests for the exercise of individuals' rights,
  • Order the rectification, restriction or erasure of data.

As for administrative fines, they may reach significant amounts depending on the category of the offence: 10 or 20 million euros or, in the case of a company, between 2% and 4% of global annual turnover, whichever is higher.

Time is running out; it's up to you to comply with the personal data regulation before May 2018!