New Legislation | In depth look: Protecting personal data
Publié le :
04/01/2018
04
janvier
janv.
01
2018
In May 2018, new European regulations on the protection of personal data will enter into force. All companies will have to comply.
The regulation aims at reinforcing the rights of persons whose personal data is used, and to increase the responsibility of those who are involved in the use of this data. It will give new prerogatives to the French Commission nationale de l'informatique et des libertés (Cnil) in charge of overseeing compliance in this field, including sanctioning violations.
Here are some steps to implement in the coming months:
1. Designate a pilot:
To manage the governance of your company’s personal data, you will need a pilot, someone who will carry out an information, advisory and internal control mission: the data protection officer. This is mandatory in certain companies, but in practice is highly recommended for all.
2. Start by accurately listing/auditing your personal data processing.
The development of a register/audit of uses of personal data should cover the company internally and, if applicable, any subcontractor.
3. Prioritize the actions that need to be taken
Based on your register/audit, identify the actions that you’ll need to take to comply with current and future obligations. Prioritize these actions with regard to the risks your uses pose to the rights and freedoms of the people concerned.
4. Manage Risks
If you have identified the processing of personal data that may give rise to high risks for the rights and freedoms of data subjects, you will need to carry out a data protection impact assessment for each of these uses.
5. Organize Internal Processes
To ensure a high level of personal data protection at all times, implement internal procedures that ensure that data protection is taken into account, consider all the events that may occur in the long run (ex: security breach, management of requests for rectification or access, modification of data collected, a change of provider) and make sure that quick reactions are planned and implemented in case of security breaches.
6. Document your company’s compliance
To prove your compliance with the rules, you must create and consolidate the necessary documentation. Actions and documents completed at each stage must be reviewed and updated regularly to ensure continuous data protection, including with any subcontractor.
Historique
-
New Legislation | In depth look: Protecting personal data
Publié le : 04/01/2018 04 janvier janv. 01 2018NewsIn May 2018, new European regulations on the protection of personal data will...
-
New Legislation | In brief: Macron reforms: Softening the rules regarding dismissal letters
Publié le : 04/01/2018 04 janvier janv. 01 2018NewsUp to now, in personal and economic dismissals, employers were barred from ad...
-
Do’s & Don’ts | This month: Reacting to Sexual Harassment
Publié le : 04/01/2018 04 janvier janv. 01 2018NewsThis topic has dominated the headlines the past few months, but it doesn’t on...
-
Happy New Year 2018
Publié le : 28/12/2017 28 décembre déc. 12 2017NewsFichy Grangé Avocats wishes you a wonderful year. In 2018, more than ever, y...
-
Harmers wins Gold Medal in Employment Law in the HRD Service Provider Awards 2017
Publié le : 12/12/2017 12 décembre déc. 12 2017L&E GlobalL&E Global is proud to announce that our member firm in Australia, Harmers Wo...Source : leglobal.org
-
Van Olmen & Wynant’s Employment Law Forum: The New Re-integration Procedure for Long-term Ill Employees
Publié le : 21/11/2017 21 novembre nov. 11 2017L&E GlobalVan Olmen & Wynant (L&E Global Belgium), together with the Belgian Institute...Source : leglobal.org