Support
Partners
Contact
Get a demo

GDPR: The impacts of the European data protection regulation

Having dealt with Canada’s anti-spam legislation, we now need to focus on Europe’s General Data Protection Regulation (GDPR).
Sophie Lamarche
1 January 2018
Data Management
3 min
rgpd les impacts du reglement europeen sur la protection des donnees

Having dealt with Canada’s anti-spam legislation, we now need to focus on Europe’s General Data Protection Regulation (GDPR). This new regulatory framework of the European Union (EU) will come into effect as of May 25, 2018. It aims at increasing obligations of organizations processing personal data and at strengthening the control that EU citizens have over the collection and use of their personal information. The GDPR applies to any organization that processes the personal data of EU residents and citizens. If it applies to you, here are the steps to follow to ensure compliance.

1. Review existing practices

The first step on the road to GDPR compliance is to understand how personal data is stored, processed, shared and used within the enterprise. Identify the existing personal data processing practices, those responsible for them, the current security levels and the changes required. Remember that GDPR obligations do not apply only to your enterprise but also extend to suppliers who process personal data on your behalf.

2. Keep a register of processing activities

The enterprise must be able to prove compliance with the GDPR at any point in time. To that end, you must keep a register of data processing activities. This replaces the mandatory declaration to the CNIL. The register should include all operations performed on personal data related to the following processes: collection, storage, use, sharing or destruction. The enterprise must ensure, at all times, that the processes in place are compliant, secure and that they guarantee data confidentiality.

As soon as a processing activity that may infringe privacy is detected, the enterprise must conduct a privacy impact assessment. These assessments must be documented.

3. Appoint a data protection officer

Such appointment is mandatory only for public sector organizations and companies processing sensitive data and/or data on a large scale. However, having recourse to one is highly recommended. This person must be involved in matters relating to the protection of personal data. The data protection officer’s main duties are to ensure compliance with the GDPR, to advise the controller on its application and to act as contact person with supervisory authorities.

The data protection officer may also be responsible for notifying the CNIL and the people concerned in case of violation of privacy, within a maximum of 72 hours.

4. Apply the principles of “privacy by design” and “privacy by default”

The principle of “privacy by design” aims at building privacy protection upfront when developing a new product, service or application.

The principle of “privacy by default” means that once a product, service or application has been released, the highest possible level of data protection should be guaranteed by the enterprise by default. In addition, the amount of personal data collected should be strictly limited to that which is necessary for the optimal use of the product, service or application.

5. Ensure transparency

Users must systematically be able to indicate consent or refusal for the processing of their personal data. They must also be informed in a clear and understandable way about the use that will be made of their data. The enterprise should be able to prove, at any point in time, the consent of a person. The following should therefore clearly be explained in the information notes: what data are collected, the purpose of the processing, the data retention period and the consequences of the refusal to provide personal data.

6. Allow data portability and destruction

The right to portability and the right to be forgotten give users the possibility to dispose of their data as they wish, either by requesting its retrieval in order to transmit it to a third-party enterprise or by asking for its destruction.

7. Raise awareness and train employees

Any employee who is likely to handle data must be aware of best practices to ensure its protection and confidentiality. Make sure to train all concerned within the enterprise.

Download our compliance checklist now.

For further information, please refer to the full text on the General Data Protection Regulation (GDPR).

Find out how your company can benefit from Dialog Insight.

Request a demo

Read also

Security and conformity

Email Marketing and Environmental Impact: Reducing Weight Becomes a Priority

Email marketing is a powerful tool, but its environmental impact is often underestimated. Between data storage, information transfer, and display on devices, every campaign generates a digital footprint. Discover why reducing the weight of your emails is becoming an essential practice and how to optimize your campaigns to reconcile marketing performance with ESG responsibility.

Read more

News

Discover RCS (Rich Communication Services)

Upgrade to the next generation of text messaging with richer, more interactive and engaging mobile experiences.

RCS. Create. Launch. Convert.

Read more

Customer Data Platform

CRM, CDP, and marketing automation: who does what?

CRM, CDP, and marketing automation are often confused, even though they play very distinct roles. This article clarifies their differences and complementarity, and explains how to combine them to build a high-performing marketing strategy that is truly data-driven.

Read more

Omni-Channel Marketing Campaign

Marketing tactics not to be overlooked at this time (COVID-19)

Needless to say, the COVID-19 crisis and the population lockdown brings several challenges to businesses. We have therefore listed the most relevant marketing tactics of the moment to stay actively in the minds of consumers. 

Read more

Omni-Channel Marketing Campaign

Everything you need to know to succeed in your first SMS campaign

The SMS opening rate is 98%; it's huge! It would be foolish to do without this way of reaching your users. So many opportunities to connect with the consumer right at the fingertips...literally.

Read more

Omni-Channel Marketing Campaign

Proven Strategies to Improve Your Email Deliverability and Boost Your Open Rates

Explore the most efficient techniques, from email list cleanliness to testing, that you can implement right away to enhance your email deliverability.

Read more

New at Dialog Insight

Every message, on the right channel, at the right time — automatically.

What if your campaigns could find on their own the ideal channel and the perfect moment to generate more impact?With Smart Channel and Omnichannel STO, your campaigns become more engaging and more effective:
  • Automatically send each message through your contacts’ preferred channel
  • Trigger your sends at the optimal time to maximize impact
  • Drive more clicks, conversions, and revenue — without added complexity
See how to activate this smart duo