All the versions of this article: [English] [français]

Did my company is concerned by this regulation ?

All companies located in the EU or those who use European residents’ personal data to offer services or goods are concerned. In this way, the GDPR applies to nearly all companies

Did the appointment of a DPO is obligatory ?

The appointment of a DPO is mandatory in 3 case :

  • If data processing is made by a public organization
  • If personal data management demand regular and systematic monitoring on a big scale
  • If the database contains elements that are considered as “sensitive” (religious believe, ethnicity)

What is changing in concrete terms ?

The changes bring by this new regulation :

  • Internet user consent : all the organization that collecting or processing personal data must get beforehand a clear, explicit, and written permission
  • The right to data portability : clients can transfer their personal data from an organization to another
  • The right to be forgotten : customers can have their data deleted
  • The right to be informed if there has been a data breach : In this case your organization have an obligation to inform its customers in the next 72 hours

What are the penalties for companies who do not follow the GDPR (General Data Protection Regulation) ?

The financial penalties can be particularly important. Indeed, penalties impose by CNIL can reached 4% of the annual global sales revenue or 20 billion of euros depending on companies. These are significant financial measures who cannot be handle by all companies, this is why compliance with the regulation is crucial.

I envisage to transmit another newsletter to my subscribers, is it important to have their consent again ?

Subscribers must indicate their consent again; it must be clear and explicit

What is an explicit consent ?

The consent should have to be positive and clear, in other terms, people who give their consent have to be completely aware and informed of the use of their personal data