The regulations on the protection of personal data on the web have become increasingly strict in recent years. For this reason, the National Commission for Information Technology and Civil Liberties encourages individuals as well as companies to comply with the General Data Protection Regulation. But how to comply with this data protection standard?
What is the General Data Protection Regulation?
The General Data Protection Regulation law is a standard regulating the processing, storage and use of personal data.
This data is generally used by companies, as well as individuals, for the proper functioning of their business sectors, and is likely to identify an individual by name, surname, location, telephone number, etc. Ultimately, this regulation is designed to protect European citizens by strengthening the laws concerning personal data.
Regardless of their sector of activity, all companies (or individuals) that collect personal data, on the web, on computers or on paper, are concerned by this regulation and must comply with it.
How to comply with the General Data Protection Regulation?
For France, the National Commission for Information Technology and Civil Liberties has summarised, on its official website, the 6 essential steps to prepare correctly for the General Data Protection Regulation.
For companies, certain data or documents, whether in digital or paper format, must be processed and kept for certain periods of time for their business.
To do this, these professionals are required to inform data subjects that once the specific storage period has passed, their data will be systematically deleted. Similarly, if a person asks a data subject to permanently delete his or her personal data (an Internet user for example), the latter will be obliged to comply with the General Data Protection Regulation.
General Data Protection Regulation: the five rules to respect
Companies must respect the real protection of data, the consent of the client or consumer, the right to be forgotten or the right to erasure, the access of the persons concerned to their data and finally the data protection officer.
For each processing and use of users’ personal data, especially in the case of Internet users visiting companies’ websites, the General Data Protection Regulation requires that these professionals ask for the consumer’s consent.
In the event of a request for deletion, the actors concerned by this regulation will have 30 days to permanently delete this data.