GDPR: The impacts of the European data protection regulation

Having dealt with Canada’s anti-spam legislation, we now need to focus on Europe’s General Data Protection Regulation (GDPR).
Sophie Lamarche
1 January 2018
Data Management
3 min
rgpd   les impacts du reglement europeen sur la protection des donnees

Having dealt with Canada’s anti-spam legislation, we now need to focus on Europe’s General Data Protection Regulation (GDPR). This new regulatory framework of the European Union (EU) will come into effect as of May 25, 2018. It aims at increasing obligations of organizations processing personal data and at strengthening the control that EU citizens have over the collection and use of their personal information. The GDPR applies to any organization that processes the personal data of EU residents and citizens. If it applies to you, here are the steps to follow to ensure compliance.

1. Review existing practices

The first step on the road to GDPR compliance is to understand how personal data is stored, processed, shared and used within the enterprise. Identify the existing personal data processing practices, those responsible for them, the current security levels and the changes required. Remember that GDPR obligations do not apply only to your enterprise but also extend to suppliers who process personal data on your behalf.

2. Keep a register of processing activities

The enterprise must be able to prove compliance with the GDPR at any point in time. To that end, you must keep a register of data processing activities. This replaces the mandatory declaration to the CNIL. The register should include all operations performed on personal data related to the following processes: collection, storage, use, sharing or destruction. The enterprise must ensure, at all times, that the processes in place are compliant, secure and that they guarantee data confidentiality.

As soon as a processing activity that may infringe privacy is detected, the enterprise must conduct a privacy impact assessment. These assessments must be documented.

3. Appoint a data protection officer

Such appointment is mandatory only for public sector organizations and companies processing sensitive data and/or data on a large scale. However, having recourse to one is highly recommended. This person must be involved in matters relating to the protection of personal data. The data protection officer’s main duties are to ensure compliance with the GDPR, to advise the controller on its application and to act as contact person with supervisory authorities.

The data protection officer may also be responsible for notifying the CNIL and the people concerned in case of violation of privacy, within a maximum of 72 hours.

4. Apply the principles of “privacy by design” and “privacy by default”

The principle of “privacy by design” aims at building privacy protection upfront when developing a new product, service or application.

The principle of “privacy by default” means that once a product, service or application has been released, the highest possible level of data protection should be guaranteed by the enterprise by default. In addition, the amount of personal data collected should be strictly limited to that which is necessary for the optimal use of the product, service or application.

5. Ensure transparency

Users must systematically be able to indicate consent or refusal for the processing of their personal data. They must also be informed in a clear and understandable way about the use that will be made of their data. The enterprise should be able to prove, at any point in time, the consent of a person. The following should therefore clearly be explained in the information notes: what data are collected, the purpose of the processing, the data retention period and the consequences of the refusal to provide personal data.

6. Allow data portability and destruction

The right to portability and the right to be forgotten give users the possibility to dispose of their data as they wish, either by requesting its retrieval in order to transmit it to a third-party enterprise or by asking for its destruction.

7. Raise awareness and train employees

Any employee who is likely to handle data must be aware of best practices to ensure its protection and confidentiality. Make sure to train all concerned within the enterprise.

Download our compliance checklist now.

For further information, please refer to the full text on the General Data Protection Regulation (GDPR).

Find out how your company can benefit from Dialog Insight.

Read also

Blog

Revolutionize your audience engagement through personalization and relationship marketing

In a media landscape saturated with content, capturing consumer attention is a major challenge for entertainment companies. To stand out, an attractive offer alone is no longer enough—brands must engage their audience in a personalized, relevant, and continuous way. This is where relationship marketing strategies come into play, supported by intelligent data analysis and automated interactions.

Blog

Create a consistent omnichannel experience to boost your sales through intelligent customer data activation

Today, consumers effortlessly move from one screen to another, from one channel to the next, before making a purchasing decision. In the face of this complexity, simply being present across multiple channels is no longer enough. What truly makes a difference is a brand’s ability to deliver a seamless, consistent, and personalized experience at every stage of the customer journey.

News

Make your analysis more reliable by identifying openings generated by Apple bots

With the widespread adoption of privacy protection in email tools, marketers are facing a major challenge: the reliability of open rates. Thanks to our feature, it is now possible to identify and filter out openings automatically generated by Apple bots.

Omni-Channel Marketing Campaign

8 must-haves for a high converting landing page

You attracted a visitor to your page? Now, how to convert this visitor into a client? A landing page for your offer provides a more complete experience and facilitates conversion through a targeted message.

Blog

Email Segmentation: Elevate Your Marketing Strategy 

Boost your email marketing strategy with segmentation: Increase open rates and conversions while building loyalty by tailoring messages to specific audience groups. Learn how now.

Data analysis

Harness Digital Marketing Analytics to Optimize Your Email Campaigns

Email campaigns are one of the most effective digital marketing tactics for businesses. They allow you to reach out to your customers directly and engage them with your message. But, with the ever-changing digital landscape, it's important to stay on top of your email campaigns and optimize them for maximum effectiveness. That's where digital marketing analytics comes in.