What’s the GDPR?
The General Data Protection Regulation has 3 objectives:
- Strengthen people's rights
- Hold the people managing personal data accountable
- Strengthen enforcement through cooperation among EU members
The challenge for the organizations concerned is to master the life cycle of their data (use and protection) and to be able to transfer that data to the customer concerned.
Who is concerned?
All organizations handling the personal data of European citizens.
What is personal data?
Any data that can directly or indirectly identify a natural person
Name | Social number | |
Phone | IP address | Biometric data |
Address | Picture | Online ID |
What date?
The GDPR will be applicable and enforced from May 25th 2018.
What sanctions?
Financial sanctions could be as high as the greater of €20,000,000 or 4% of global turnover. In addition, any data processing that does not comply with the GDPR could be suspended, and the data removed.
Impact on the organization
1st Principle – Purpose: why are we collecting this data?
2nd Principle – Relevance: collect the minimum data needed for the process
3rd Principle – Storage: data life cycle
4th Principle – Rights: right of access, right to change, and right to transfer
5th Principle – Safety: data protection
Comply in 6 steps
- Designate a Data Protection Officer
- Map your data processes
- Rank actions to take
- Conduct impact analysis
- Organize internal processes
- Produce documents showing compliance