Support
Partners
Contact
Get a demo

GDPR: The impacts of the European data protection regulation

Having dealt with Canada’s anti-spam legislation, we now need to focus on Europe’s General Data Protection Regulation (GDPR).
Sophie Lamarche
1 January 2018
Data Management
3 min
rgpd les impacts du reglement europeen sur la protection des donnees

Having dealt with Canada’s anti-spam legislation, we now need to focus on Europe’s General Data Protection Regulation (GDPR). This new regulatory framework of the European Union (EU) will come into effect as of May 25, 2018. It aims at increasing obligations of organizations processing personal data and at strengthening the control that EU citizens have over the collection and use of their personal information. The GDPR applies to any organization that processes the personal data of EU residents and citizens. If it applies to you, here are the steps to follow to ensure compliance.

1. Review existing practices

The first step on the road to GDPR compliance is to understand how personal data is stored, processed, shared and used within the enterprise. Identify the existing personal data processing practices, those responsible for them, the current security levels and the changes required. Remember that GDPR obligations do not apply only to your enterprise but also extend to suppliers who process personal data on your behalf.

2. Keep a register of processing activities

The enterprise must be able to prove compliance with the GDPR at any point in time. To that end, you must keep a register of data processing activities. This replaces the mandatory declaration to the CNIL. The register should include all operations performed on personal data related to the following processes: collection, storage, use, sharing or destruction. The enterprise must ensure, at all times, that the processes in place are compliant, secure and that they guarantee data confidentiality.

As soon as a processing activity that may infringe privacy is detected, the enterprise must conduct a privacy impact assessment. These assessments must be documented.

3. Appoint a data protection officer

Such appointment is mandatory only for public sector organizations and companies processing sensitive data and/or data on a large scale. However, having recourse to one is highly recommended. This person must be involved in matters relating to the protection of personal data. The data protection officer’s main duties are to ensure compliance with the GDPR, to advise the controller on its application and to act as contact person with supervisory authorities.

The data protection officer may also be responsible for notifying the CNIL and the people concerned in case of violation of privacy, within a maximum of 72 hours.

4. Apply the principles of “privacy by design” and “privacy by default”

The principle of “privacy by design” aims at building privacy protection upfront when developing a new product, service or application.

The principle of “privacy by default” means that once a product, service or application has been released, the highest possible level of data protection should be guaranteed by the enterprise by default. In addition, the amount of personal data collected should be strictly limited to that which is necessary for the optimal use of the product, service or application.

5. Ensure transparency

Users must systematically be able to indicate consent or refusal for the processing of their personal data. They must also be informed in a clear and understandable way about the use that will be made of their data. The enterprise should be able to prove, at any point in time, the consent of a person. The following should therefore clearly be explained in the information notes: what data are collected, the purpose of the processing, the data retention period and the consequences of the refusal to provide personal data.

6. Allow data portability and destruction

The right to portability and the right to be forgotten give users the possibility to dispose of their data as they wish, either by requesting its retrieval in order to transmit it to a third-party enterprise or by asking for its destruction.

7. Raise awareness and train employees

Any employee who is likely to handle data must be aware of best practices to ensure its protection and confidentiality. Make sure to train all concerned within the enterprise.

Download our compliance checklist now.

For further information, please refer to the full text on the General Data Protection Regulation (GDPR).

Find out how your company can benefit from Dialog Insight.

Request a demo

Read also

News

New feature: The Orchestrator

Orchestrate your campaigns more effectively to boost performance and deliver a smoother, more engaging customer experience.

Read more

Security and conformity

Consent and marketing performance: do we really have to choose?

Data protection has become essential, which means companies must rethink their marketing approach. Consent, compliance, and marketing performance are no longer at odds: discover how better-qualified data makes it possible to build more effective and sustainable strategies.

Read more

Omni-Channel Marketing Campaign

How to synchronize your communications in an omnichannel strategy.

In an omnichannel strategy, communication channels should not operate in silos. Email, SMS, and notifications can complement one another to create a seamless and consistent customer experience. Discover how to orchestrate these channels intelligently to send the right message, at the right time, through the right channel.

Read more

Omni-Channel Marketing Campaign

7 tips for an optimal omnichannel customer experience

Consumers are becoming more and more careful about who they give their money to and which brands they trust. Adopting an omni-channel strategy has become a must if you want to optimize your customer experience and be at the top of your performance.

Read more

Omni-Channel Marketing Campaign

The ABCs of a good abandoned cart strategy

The abandoned shopping cart is a must in your e-commerce strategy, especially to ensure the conversion of your visitors. In fact, more than 7 out of 10 people abandon a shopping cart!

Read more

Omni-Channel Marketing Campaign

What Is an Email Journey? 

Discover the power of email journey to energize your business: from segmentation to automation. Learn how a targeted email marketing strategy can not only increase your sales and strengthen brand loyalty, but also enhance customer engagement with personalized content.

Read more
Marketer using Dialog Insight orchestration tool to plan campaigns and reduce email pressure

New: Orchestrator

Less pressure. More impact.

Orchestrate your campaigns more effectively to boost performance and deliver a seamless, engaging customer experience across every channel.

Take control of marketing pressure and prioritize your most strategic campaigns.

Discover the Orchestrator

New at Dialog Insight

Every message, on the right channel, at the right time — automatically.

What if your campaigns could find on their own the ideal channel and the perfect moment to generate more impact?With Smart Channel and Omnichannel STO, your campaigns become more engaging and more effective:
  • Automatically send each message through your contacts’ preferred channel
  • Trigger your sends at the optimal time to maximize impact
  • Drive more clicks, conversions, and revenue — without added complexity
See how to activate this smart duo