The GDPR (General Data Protection Regulation) is an EU regulation adopted by the European Parliament and the Council that applies directly in every member state. Its purpose is to hold any organisation that processes the personal data of people in the EU accountable for that processing, and it requires them to protect the data they handle. This article gives an overview of the regulation.
What is GDPR?
The General Data Protection Regulation (GDPR) has applied since May 25, 2018 to any organisation that processes personal data. It governs how personal data may be collected, processed, stored and shared in EU member states. Since that date it has been binding and directly applicable to all organisations concerned, without needing to be transposed into national law. Companies are therefore advised to familiarise themselves with its requirements to avoid the sanctions that non-compliance can bring.
The regulation is the result of the EU member states' wish to create a single, harmonised legal framework for the challenges of processing personal data, replacing the patchwork of national rules that preceded it.
Who is affected by GDPR compliance?
The GDPR applies to all organisations, whatever their size or sector, that process personal data as part of their activities. It covers organisations established in the EU as well as organisations established elsewhere that offer goods or services to people in the EU or monitor their behaviour. Its scope is therefore very broad: every organisation meeting these conditions is concerned, without distinction.
Responsibility for the processing lies with the organisation acting as data controller, and in practice with its management. If personal data is leaked or misused because appropriate safeguards were not in place, the organisation can be held liable. It is therefore required to secure the data and to verify that each processing operation complies with the GDPR, and must exercise particular vigilance throughout its compliance effort.
What data is considered personal?
The concept of personal data is very broad. According to the CNIL (the French data protection authority), personal data is any information relating to a natural person that allows that person to be identified. The identification can be direct (surname, first name, postal address, etc.) or indirect (registration number, user identifier, IP address, telephone number, etc.).
In addition, a combination of data points that, taken together, single out one person within a group of individuals is also personal data, even if no single item identifies them on its own. This includes, for example, the combination of gender, city, qualifications, date of birth, etc.
What should affected companies do?
According to the GDPR, personal data must be:
- Adequate, relevant and limited to what is necessary for the purpose (data minimisation);
- Processed in a manner that ensures appropriate security, including protection against unauthorised access, loss or damage (integrity and confidentiality);
- Kept no longer than necessary for the purposes for which it was collected (storage limitation);
- Collected for specified, explicit and legitimate purposes and not processed in a way incompatible with them (purpose limitation);
- Accurate and, where necessary, kept up to date;
- Processed lawfully, fairly and transparently.
Compliance with these 6 principles is mandatory for any organisation subject to the GDPR, and the controller must be able to demonstrate that it complies with them (the accountability principle).