RGPD and data processing: key points to remember

The General Data Protection Regulation (RGPD) is the European regulation that aims to strengthen the protection of personal data. The RGPD provides a framework for the processing of personal data on the territory of the European Union.
The main objective being " to harmonize the protection [...] of natural persons with regard to processing activities and [to] ensure the free flow of personal data between Member States ". This has a direct impact on companies processing personal data, but also on customers, who regain control of their data.

For companies, the application of these regulations means being transparent with their customers about the use of the data they collect, adopting a new data protection policy and reviewing everyone's roles internally.

The text has three objectives: to consolidate the rights of individuals, to strengthen the powers of the European authorities and to make companies that process personal data more accountable.

• The DPO, or Data Protection Officer

The DPO is at the heart of the European Regulation, which has been the legal framework applicable throughout the European Union since May 2018. Companies and institutions required to process personal data on a large scale consult a Data Protection Officer (a DPO) whose main mission is to ensure that their employer or client complies with the legislation whenever it uses the data collected for commercial or internal purposes (HR software). He or she must therefore have a 360° vision of the use of personal data, a cross-functional role that requires him or her to work with all company departments (general management, marketing, development or human resources).

To achieve this, the DPO must be involved from the outset of the project, mapping the personal data and the processing processes involved, and recommending an appropriate security and confidentiality policy. To never be in the dark and risk a breach, the DPO must periodically monitor the company's (or its customer's) compliance on the use of personal data by undertaking impact, risk and intrusion analysis actions to warn the interested party of a possible RGPD breach.

• Playing the transparency card

The collection and processing of personal data means total transparency! Companies must explicitly declare to individuals the use made of their data, which they can however refuse. They must also inform consumers of any data breaches or thefts, where these are likely to pose a high risk to the rights and freedoms of individuals, so that they can take the necessary precautions.

Accountability, a fundamental principle of the European Pact, refers to the obligation for companies to implement internal mechanisms and procedures to demonstrate compliance with data protection rules, by providing detailed documentation.

• Personal data protection

Furthermore, companies are prohibited from transmitting the personal data of a European citizen outside Europe, forcing them to stop using the services of foreign companies (American, Asian, etc...). And this is true whether the company is established in Europe or not, as the RGPD concerns all companies processing personal data of European citizens and operating on this market. For this notion of data protection to be respected, players need to natively integrate the security standards put in place across the entire data lifecycle into solutions, applications (CRM, ERP, MDM...) and cloud service providers.

• The true right to be forgotten

Individuals have the right to forget their personal data. They can contact the company and ask it to permanently deactivate and/or delete their data. The company then has no choice but to execute the request, within 30 days. Some players perceive this change as a threat to their operations, permanently losing their users' data. In reality, what we need to remember here is that the customer is put back at the heart of the privacy protection thought process, and by respecting the consumer's choice, the company maintains the bond of trust previously established. Yes, because welcoming a customer generally means hoping to keep them and build a lasting relationship based on mutual trust. And protecting customer data plays a vital role in building that trust.

• Data portability

The RGPD requires companies to make their personal data available to individuals who request it, in a structured and readable format. With the right to data portability, users can ask to retrieve data provided to a platform for personal use or to pass it on to a third party. This new right is designed to strengthen control over personal data.

Naturally, these regulations are backed up by penalties. There are several levels:

• Low: Call to order.

• High: Depending on the articles of the regulation not complied with, administrative fines ranging from 10 to 20,000,000 euros or 2 to 4% of worldwide annual sales.

Despite the very strict nature of the RGPD's provisions, which can give personal data protection a negative image, we believe, on the contrary, that the existence of such a unified framework constitutes, for European companies, a real chance to differentiate themselves in global competition by putting forward a constant concern for protecting the interests of consumers and citizens. It also enables them to increase their customers' confidence in them, and to enhance the quality of their data. We no longer speak of " Big Data ", but of " Smart Data ".

ViaDialog, RGPD Compliant

With this in mind, data protection is of paramount importance to ViaDialog. We attach extreme importance to the protection and confidentiality of our customers' and users' information. Indeed, the requirements of the RGPD are, for us, essential and our team continually adjusts our contractual commitments so that our customers can comply with the regulations in force.

ViaDialog is the only French player to offer the full range of technological factors and maintain research, development and maintenance operations in France.

‍

Discover ViaDialog