GDPR: Discover the “At the same time” method

The entry into force of the General Data Protection Regulation (GDPR) on May 25, 2018 has put the topic of personal data protection back in the news. Companies are now required to comply with all aspects of this new legislation.

May 25, 2018: the date of a new era

I am convinced that this important news for all European companies will be long-lasting and sustainable and does not represent a fad. The digital age, which we entered decades ago, “has led to a substantial increase in the flow (…) of personal data. The exchange of personal data has intensified (…)”*.

*Extract from Recital 5 of the GDPR

However, the fateful date of May 25, 2018 will not be a cut-off date, assures Isabelle Falque-Pierrotin, president of the CNIL. She says that the CNIL’s position will be flexible at first, to allow all companies to implement the 6 key steps:

  • Designate a pilot
  • Map
  • Prioritize
  • Manage risks
  • Organize
  • Document

The “at the same time” of the European Union

The new European regulation therefore aims, on the one hand, to guarantee the free circulation of personal data, which has become essential to the functioning of the economic market, and, on the other hand, to ensure the protection of the fundamental rights of individuals, in particular their right to the protection of their personal data.

From now on, it is clear that the free circulation of personal data within the European Union, and even beyond, is neither limited nor forbidden. On the other hand, it must be done in a transparent and accountable way, because organizations do not own the personal data that individuals entrust to them.

This is why, beyond the regulatory compliance aspect, the GDPR is “at the same time” an opportunity that all organizations must seize to create a climate of trust and reassure their partners.

Groups such as Facebook, Twitter or LinkedIn have used the work of bringing their terms of use into compliance with the GDPR as, “at the same time”, an exercise in transparency and a teaching effort aimed at their users, always with the aim of (re)creating a bond of trust.

The 5 reflexes to adopt to comply with the GDPR

In practice, it is often complicated to identify the right data management reflexes. To find out whether you are in compliance with the GDPR, make sure you always respect the three main concepts imposed by the European authorities: Responsibility – Trust – Transparency.

A few simple reflexes make day-to-day management easier. Here are 5 that will be useful to you:

1) Collect only the data you really need for your business

2) Be transparent and make it clear what the personal data you hold will be used for

3) Think about people’s rights first and don’t wait to respond to all requests to modify or delete contacts from your databases

4) Identify and analyze the risks according to the sensitivity of the data at your disposal

5) Guarantee the control and security of the data you hold, according to its sensitivity

Sensitive or not, GDPR label, legal framework…

Discover in video the questions and answers of the CNIL:
