Are you compliant with the rules imposed by the GDPR?
The 25 May deadline is approaching.
The GDPR (General Data Protection Regulation) is a new European regulation which introduces a number of measures to define the legal framework for the protection of personal data within the European Union. Its purpose is to strengthen EU citizens’ rights and give them more control over their personal data.
Who is affected?
This regulation applies to all businesses that collect and process their customers’ data. Multinational companies, but also SMEs and artisans who have a customer database.
What is the principle?
The main point is the principle of consent for the collection and storage of data, a concept which is a specific feature of European law. Citizens are the owners of their personal data, so companies, particularly the American giants (Facebook, Google, Apple, Amazon, Microsoft and their partners), can no longer use the presumption of consent argument to justify using data belonging to their customers and users.
What does the GDPR actually stipulate?
From now on businesses will have to provide precise details of their practices with regard to collecting and storing personal data. Users will have access to more details on the processing of their data. For the sake of transparency, the information should also be set out clearly and accurately.
The obligations of businesses
Although the GDPR simplifies the administrative formalities overall, it still imposes a number of restrictions on businesses:
- Data protection by design compliance
- Security by default obligation
- Documentation obligation
- Impact study before implementing certain forms of processing
- Obligation to appoint a "Data Protection Officer", who is responsible for the resources deployed by the business.
What to do if an incident occurs that affects customer data
Any incident that may have compromised the integrity of customer data held by the business must be officially declared to the CNIL within 72 hours. This is the responsibility of the Data Protection Officer designated by the business.
What are the penalties in case of an infringement?
The legislator has put in place a wide range of administrative penalties for non-compliance with the regulation, ranging from a simple warning to fines as high as 20 million euros or 4% of the global turnover of the business in case of infringements of the rules on consent or infringements relating to transfers of personal data outside the European Union.
Source : www.01net.com
The solutions proposed by ArtWhere
Analysis of your site in order to make a tailored offer
Setting up a centralised database
Carrying out HTTPS certification
Setting up a two-step verification process
GDPR Conditions and Cookies policy
Bandeau d'acceptation des cookies
Notre bandeau d'acceptation des cookies, il apparaît en permanence tant que l'utilisateur n'a pas cliqué sur "J'ai compris" ou "Modifier" qui fait apparaître le panneau de gestion des cookies.
Panneau de gestion des cookies
Notre panneau de gestion des cookies qui permet à l'utilisateur de choisir les cookies qu'il accepte d'utiliser. Dans certains cas il peut arriver que l'utilisateur soit redirigé vers le site du fournisseur pour en désactiver les cookies comme pour AddThis par exemple.