GDPR

What’s the GDPR ?

The General Data Protection Regulation has 3 objectives:

1. Strengthen people rights
2. Accountability of people managing personal data
3. Empower enforcement thanks to cooperation among EU members

The stake for concerned organization is to master the life cycle of their data (use and protection) and being able to transfer them to the concerned customer.

 Who is concerned?

All organizations manipulating personal data of European citizens.

What’s a personal data?

All data that can identify directly or indirectly a physical person

What date?

The GDPR will be applicable and enforced from May 25^th 2018.

What sanctions?

Financial sanctions could be as high as the maximum of €20,000,000 or 4% of global turnover. Also all data treatment unfit to the GDPR could be suspended, and data removed.

Impact on the organization

1^st Principle – Purpose, why are we collecting these data

2^nd Principle – Relevant, collect the minimum data needed for the process

3^rd Principle – Storage, data life cycle

4^th Principle – Rights, access right, change right, and transfer right

5^th Principle – Safety, data protection

Comply in 6 steps

1. Designate a Data Protection Officer
2. Map your data processes
3. Rank actions to take
4. Conduct impact analysis
5. Organize internal processes
6. Produce documents showing compliance