Companies have until 25th May to ensure that they comply with GDPR, an EU-wide text which aims to strengthen customers' data protection rights and prevent their data from being used without their approval.
Adopted on 27th April 2016 by the European Parliament, the General Data Protection Regulation will set out a general framework for all 28 EU member countries governing the way in which their companies use, retain or manipulate personal data collected from customers. This new regulation will be enforced from 25th May 2018 and will apply to companies of all types and sizes and in all industries: stores, online stores, logistics services, agencies and PR services.
In France, GDPR (or RGPD in French) will replace the Loi Informatique et Libertés, which has governed personal data since 1978.
Companies will be required to conform to the following three main points. Non-compliance could bring penalties of between 2 and 4% of the company's annual turnover.
1. The right to be forgotten
The new European legislation confirms a right to be forgotten, which already exists in French law. Anybody can demand that all of their personal information be deleted as quickly as possible. The grounds for such a request are specified in Article 17.
2. Data mobility
A new principle brought in by GDPR, data mobility gives customers the right to recover part of the data that they have provided to a company, a website or a public service, either for their own personal use or to pass on to another recipient. This transfer may be carried out by the person themselves or by the organization which received, managed and stored the data.
3. Data Privacy Officer (DPO)
All private companies and public entities that handle personal data on a large scale are required to nominate a specific person who is in charge of monitoring strict internal enforcement of GDPR (Article 39).