A " personal data » is “any information relating to an identified or identifiable natural person”.
A person can be identified:
- directly (example: last name, first name)
- or indirectly (example: by an identifier (customer number), a (telephone) number, a biometric data, several specific elements specific to one's physical, physiological, genetic, psychological, economic, cultural or social identity, but also voice or image).
Data processing must have an objective, a purpose, that is, you cannot collect or process personal data just in case it comes in handy one day. Each data processing must be assigned a purpose, which must obviously be legal and legitimate with regard to your professional activity.
As a GDPR lawyer, Maître Zakine supports you in all stages of bringing your company into compliance with the GDPR. She advises you on the obligations incumbent on you as data controller and assists you in drafting the documents.
Read also on Me Zakine's website : When the protection of privacy and personal data becomes a matter for the European Union
You can also consult : Maître Zakine Lawyer RGPD - Personal Data
Frequently asked questions
Why protect my personal data as a company?
The GDPR requires companies to protect the personal data of their customers. In case of violation, you risk fines of up to 20 million euros or 4% of annual turnover. A GDPR lawyer helps you comply.
What are the deadlines to report a data breach to the CNIL?
You must notify the CNIL within 72 hours of discovering the violation. If the deadline is not met, penalties may be applied. A lawyer assists you in the notification procedure.
Can I collect personal data without consent?
No, consent is one of the legal bases for processing. You must clearly inform the person and obtain their explicit agreement. Other legal bases exist (performance of a contract, legal obligation), but they must be justified. A lawyer advises you.
How much does a GDPR compliance cost?
The cost varies depending on the size of the company and the complexity of the processing. An initial audit can cost between €1,000 and €5,000, setting up procedures between €2,000 and €10,000. A lawyer can provide a personalized quote.
What to do if a client requests deletion of their data?
You must respond to the request within one month. If you cannot delete the data (e.g., legal obligation to retain), you must inform the client. A lawyer helps you manage these requests and comply with the GDPR.
