How must companies ensure the protection of their customers' personal data under the RGPD? Me Zakine, lawyer in Ile de France
The RGPD is a European regulation designed to protect the personal data of European Union citizens. It applies to all companies and organisations that process the personal data of individuals residing in the European Union, regardless of where they are processed.
In today's digital age, personal data breaches have become commonplace, causing our right to privacy to falter. The General Data Protection Regulation (GDPR), a 2016 European regulation, provides a framework for the protection of personal data. A major European response to the risk of personal data and privacy breaches.
The General Data Protection Regulation (GDPR) is a European regulatory text that governs the processing of personal data. It was designed to strengthen the rights of individuals, but also to oblige businesses to assume a new responsibility in terms of data protection. Every company must implement measures to guarantee the security of its customers' personal data. So how do you go about it?
1. Identify the data collected
It is essential to identify what data is collected, why it is collected, how it is stored, who has access to it and how it is protected.
Whenever a company collects personal data, the customer must be informed.
This step is necessary insofar as the customer, an individual, has the right to withdraw, cancel and rectify the data collected.
The company must check several points:
- the data processed is necessary for the activity: the RGPD requires proportionality between the processing of data and the objectives pursued
- no sensitive information such as medical data is processed,
- only authorised persons have access to personal data, depending on the purpose. For example, in a condominium, only a union council will have the right to access video surveillance cameras,
- that the data is not kept beyond what is necessary: once again, the question of proportionality is present.
2. The need to appoint a Data Protection Officer (DPO)
The appointment of a Data Protection Officer (DPO) is a requirement of the RGPD for certain businesses, particularly those that process data on a large scale or process special categories of data.
The role of the DPO is to ensure the effective and strict application of the RGPD. He or she assists companies with the management of personal data and the way in which personal data breaches should be handled.
3. Informing customers of their rights, in particular by means of the General Terms and Conditions for the Protection of Personal Data or within the General Terms and Conditions of Use.
The RGPD has strengthened the rights of data subjects in terms of data protection. Companies are obliged to provide clear and accessible information about their rights, which include the right to access their data, rectify it, request its deletion, object to its processing, restrict its processing and request its portability.
Customers are also informed of their right to request rectification of their personal data.
The information relates to :
- the purpose of collecting personal data
- which authorises the collection of personal data (legitimate interest). Example: loyalty
- who has access to this data
- how long personal data is kept
- how people can access their data (by registered post or e-mail)
Customers must have given their consent. This is a fundamental point of the RGPD for the protection of personal data.
4. Introduce stringent security measures at our sites
Companies are obliged to implement robust security measures to protect data. personal against loss, alteration and unauthorised access, or against hackers (password to access a personal space, firewall, anti-virus, etc.).
5. Provide for a procedure in the event of a data breach
In the event of a data breach, the GDPR requires companies to notify the relevant supervisory authority within 72 hours. It is therefore essential for companies to have a procedure in place for detecting, reporting and investigating data breaches.
5. How much does a RGPD lawyer ?
The cost of an RGPD lawyer varies depending on a number of factors.
The basic principle is, of course, that the cost will vary according to the work involved and the time spent.
The easiest way is to take a consultation with Mr Zakine, RGPD lawyer. The cost is 120 euros. She will be able to guide you and go over the basics with you.
I invite you to read the faq about why the first consultation is subject to a fee (because during the first consultation, Ms Zakine will start to guide you through the process).
As a as an RGPD lawyer, Master Zakine will support you at every stage of your company's compliance with the RGPD. We can advise you on your obligations as a data controller and help you draw up the necessary documents.
Read also on Me Zakine's website : When the protection of privacy and personal data becomes a matter for the European Union
You can also consult : Maître Zakine Lawyer RGPD - Personal Data