General Data Protection Regulation – GDPR

What is the GDPR?

The General Data Protection Regulation has 3 objectives:

  1. Strengthen the rights of individuals
  2. Make the organizations that process personal data accountable
  3. Strengthen enforcement through cooperation among EU member states

For the organizations concerned, the challenge is to control the life cycle of the personal data they hold (how it is used and how it is protected) and to be able to hand that data over to the individual it belongs to (the data subject) on request.

Who is concerned?

Every organization that processes the personal data of individuals located in the EU, wherever that organization itself is established.

 

What is personal data?

Any information that identifies a natural person, directly or indirectly. Examples:

  - Name
  - E-mail address
  - Social security number
  - Phone number
  - IP address
  - Biometric data
  - Postal address
  - Photograph
  - Online identifier (cookie ID, account ID, device ID)

 

From what date?

The GDPR applies, and is enforceable, from May 25th, 2018.

 

What sanctions?

Administrative fines can reach €20,000,000 or 4% of the organization's total worldwide annual turnover, whichever is higher. Supervisory authorities can also order any processing that does not comply with the GDPR to be suspended, and the data concerned to be erased.

 

Impact on the organization

1st Principle – Purpose: state why the data is collected, and use it only for that purpose

2nd Principle – Minimisation: collect only the minimum data the process actually needs

3rd Principle – Storage limitation: define the data life cycle, including how long it is retained and when it is deleted

4th Principle – Rights: right of access, right to rectification, and right to data portability

5th Principle – Security: technical and organizational measures that protect the data

Comply in 6 steps

  1. Designate a Data Protection Officer
  2. Map your processing activities (what data, where it comes from, who uses it, where it goes)
  3. Prioritize the actions to take
  4. Conduct data protection impact assessments for high-risk processing
  5. Organize internal processes (handling data subject requests, breach notification)
  6. Produce documentation that demonstrates compliance