GDPR: The impacts of the European data protection regulation

Having dealt with Canada’s anti-spam legislation, we now need to focus on Europe’s General Data Protection Regulation (GDPR).
Sophie Lamarche
1 January 2018
Data Management
3 min
rgpd   les impacts du reglement europeen sur la protection des donnees

Having dealt with Canada’s anti-spam legislation, we now need to focus on Europe’s General Data Protection Regulation (GDPR). This new regulatory framework of the European Union (EU) will come into effect as of May 25, 2018. It aims at increasing obligations of organizations processing personal data and at strengthening the control that EU citizens have over the collection and use of their personal information. The GDPR applies to any organization that processes the personal data of EU residents and citizens. If it applies to you, here are the steps to follow to ensure compliance.

1. Review existing practices

The first step on the road to GDPR compliance is to understand how personal data is stored, processed, shared and used within the enterprise. Identify the existing personal data processing practices, those responsible for them, the current security levels and the changes required. Remember that GDPR obligations do not apply only to your enterprise but also extend to suppliers who process personal data on your behalf.

2. Keep a register of processing activities

The enterprise must be able to prove compliance with the GDPR at any point in time. To that end, you must keep a register of data processing activities. This replaces the mandatory declaration to the CNIL. The register should include all operations performed on personal data related to the following processes: collection, storage, use, sharing or destruction. The enterprise must ensure, at all times, that the processes in place are compliant, secure and that they guarantee data confidentiality.

As soon as a processing activity that may infringe privacy is detected, the enterprise must conduct a privacy impact assessment. These assessments must be documented.

3. Appoint a data protection officer

Such appointment is mandatory only for public sector organizations and companies processing sensitive data and/or data on a large scale. However, having recourse to one is highly recommended. This person must be involved in matters relating to the protection of personal data. The data protection officer’s main duties are to ensure compliance with the GDPR, to advise the controller on its application and to act as contact person with supervisory authorities.

The data protection officer may also be responsible for notifying the CNIL and the people concerned in case of violation of privacy, within a maximum of 72 hours.

4. Apply the principles of “privacy by design” and “privacy by default”

The principle of “privacy by design” aims at building privacy protection upfront when developing a new product, service or application.

The principle of “privacy by default” means that once a product, service or application has been released, the highest possible level of data protection should be guaranteed by the enterprise by default. In addition, the amount of personal data collected should be strictly limited to that which is necessary for the optimal use of the product, service or application.

5. Ensure transparency

Users must systematically be able to indicate consent or refusal for the processing of their personal data. They must also be informed in a clear and understandable way about the use that will be made of their data. The enterprise should be able to prove, at any point in time, the consent of a person. The following should therefore clearly be explained in the information notes: what data are collected, the purpose of the processing, the data retention period and the consequences of the refusal to provide personal data.

6. Allow data portability and destruction

The right to portability and the right to be forgotten give users the possibility to dispose of their data as they wish, either by requesting its retrieval in order to transmit it to a third-party enterprise or by asking for its destruction.

7. Raise awareness and train employees

Any employee who is likely to handle data must be aware of best practices to ensure its protection and confidentiality. Make sure to train all concerned within the enterprise.

Download our compliance checklist now.

For further information, please refer to the full text on the General Data Protection Regulation (GDPR).

Find out how your company can benefit from Dialog Insight.

Read also

Blog

8 Tips for a Captivating and Effective Black Friday Message

Learn how to create a captivating Black Friday message with 8 practical tips to grab attention, personalize the experience, and maximize conversions. From hyper-personalization strategies to social proof, these tips will help turn your visitors into loyal customers during this high-demand season.

Blog, 25 years

25 Years of Innovation: How Dialog Insight Continues to Ride the Wave of Emerging Technologies

Discover the key innovations that have shaped Dialog Insight's success and its SaaS relationship marketing platform since 1999, and explore the emerging trends that will transform marketing over the next 25 years.

Blog

The Strategic Importance of the CSM in Customer Satisfaction and Growth at Dialog Insight

Discover the strategic importance of Customer Success Managers (CSM) at Dialog Insight, key partners in customer satisfaction, growth, and ROI optimization through effective and personalized marketing solutions.

Blog

The Strategic Importance of the CSM in Customer Satisfaction and Growth at Dialog Insight

Discover the strategic importance of Customer Success Managers (CSM) at Dialog Insight, key partners in customer satisfaction, growth, and ROI optimization through effective and personalized marketing solutions.

Blog

6 Email Marketing Tips for Black Friday Success

Black Friday is a great time to boost your sales and increase conversion rates. But for many retailers, Black Friday can be an overwhelming time of year. It's important to plan ahead and know how to manage your marketing campaigns during this busy season. In order to make sure your email campaign is ready for the upcoming period, here are some important Black Friday tips.

Omni-Channel Marketing Campaign

Is it really useful to use personalized images in your communications?

Personalization can be utilized in many ways, one of them being within images. For that reason, Dialog Insight has now added a new feature to its platform: Nifty Images.