What you need to know about GDPR in 7 questions

Posted: Thu Dec 26, 2024 9:47 am
by sourovk291
Companies that process personal data will soon be subject to the GDPR, the new European regulation adopted in April 2016 and applicable on May 25, 2018. To be ready on time and avoid exposing themselves to significant sanctions, European companies and organizations, as well as foreign ones that work with EU users, must be aware of the new regulation and what it implies. Here is an overview of the key points of the GDPR to know in order to better organize yourself.

1. GDPR, what is it?
The GDPR (General Data Protection Regulation) is the new general regulation of the European Union on data protection. Its goal: to strengthen respect for users' privacy by reducing unsolicited communications and to guarantee the protection of personal data.

The text, published on 27 April 2016 in the Official Journal of the European Union, will be applicable from 25 May 2018 in all EU countries and will also concern non-European companies doing business with European users.

On the one hand, the GDPR strengthens the rights of European users, who can control their personal data. On the other hand, it aims to simplify formalities for companies, but also to better regulate the way in which they process this data and circulate it.

2. What law does the GDPR replace?
The GDPR will replace a text adopted in 1995, when the Internet was taking its first steps on the international scene: the Directive on the protection of personal data. France was also one of the first countries to formulate a Data Protection Act, in 1978.

Today, the National Commission for Information Technology and Civil Liberties (CNIL) acts as the authority for the protection of personal data of French citizens. With the GDPR, the formalities with the CNIL will be simplified in particular.

The new regulation thus makes it possible to harmonise all European rules relating to the protection of personal data.

3. Who is affected by the GDPR?
The GDPR does not only apply to the field of email marketing, but also to public authorities and companies of all sizes and from all sectors of the industry. Marketers around the world are the first to be affected, since their profession relies on the exploitation of data. They must therefore prepare themselves today to comply with the new regulation and avoid particularly substantial fines.

The new European regulation applies to companies and organisations physically located in European Union countries (including the United Kingdom, despite Brexit). It also concerns non-EU entities, to the extent that they process personal data of European citizens.

4. What type of data does the GDPR apply to?
The GDPR only applies to “personal data”, i.e. data that can identify a natural person. The protection of personal data therefore concerns:

socio-demographic data, such as name, profession, age, family situation, place of residence or email address (even the professional email address of a natural person);
encrypted data and online identifiers (including cookies);
behavioral data, including purchasing situation or behavior or use of purchased products;
biometric or genetic data.

5. What are the main provisions of the GDPR?
The GDPR aims to strengthen users' rights by giving them more control over what companies and organizations do with their personal data. The main measures that users and professionals need to know are:

a possibility of recovery of data by the user who communicated them and subsequent reuse (right of portability);
increased transparency, thanks to the rights of access and rectification;
better protection of children: parental consent is required when the user is under 16 years old;
a single data protection authority that makes things easier for users;
increased penalties, with fines likely to reach 20 million euros or 4% of the annual global turnover of the companies involved;
a right to be forgotten/erasure to better protect the privacy of individuals;
limiting data collection to the minimum required;
the need to obtain the explicit and free consent of the user;
the obligation to report breaches (data leaks, etc.) within 72 hours;
the implementation of reinforced security measures by companies, with “data protection by design” of products and services using personal data.

6. What is a data protection officer?
Public authorities and bodies, as well as companies that process “sensitive” data on a large scale or carry out regular and systematic monitoring of users on a large scale, will be required to appoint a data protection officer.

This person will have a mission of information, support and awareness within the company or organization to help it comply with the GDPR. He will be responsible for relations with the CNIL.

7. What are the sanctions and penalties provided for by the GDPR?
The GDPR provides for severe penalties for organizations and companies that fail to comply with the new personal data protection measures.

Fines will range from €10 million to €20 million or 2% to 4% of the company's annual global turnover (whichever is higher). The penalty will depend on the type of GDPR violation.

The most severe penalties include: