New Legislation | In depth look: Protecting personal data
Publié le :
04/01/2018
04
janvier
janv.
01
2018
In May 2018, new European regulations on the protection of personal data will enter into force. All companies will have to comply.
The regulation aims at reinforcing the rights of persons whose personal data is used, and to increase the responsibility of those who are involved in the use of this data. It will give new prerogatives to the French Commission nationale de l'informatique et des libertés (Cnil) in charge of overseeing compliance in this field, including sanctioning violations.
Here are some steps to implement in the coming months:
1. Designate a pilot:
To manage the governance of your company’s personal data, you will need a pilot, someone who will carry out an information, advisory and internal control mission: the data protection officer. This is mandatory in certain companies, but in practice is highly recommended for all.
2. Start by accurately listing/auditing your personal data processing.
The development of a register/audit of uses of personal data should cover the company internally and, if applicable, any subcontractor.
3. Prioritize the actions that need to be taken
Based on your register/audit, identify the actions that you’ll need to take to comply with current and future obligations. Prioritize these actions with regard to the risks your uses pose to the rights and freedoms of the people concerned.
4. Manage Risks
If you have identified the processing of personal data that may give rise to high risks for the rights and freedoms of data subjects, you will need to carry out a data protection impact assessment for each of these uses.
5. Organize Internal Processes
To ensure a high level of personal data protection at all times, implement internal procedures that ensure that data protection is taken into account, consider all the events that may occur in the long run (ex: security breach, management of requests for rectification or access, modification of data collected, a change of provider) and make sure that quick reactions are planned and implemented in case of security breaches.
6. Document your company’s compliance
To prove your compliance with the rules, you must create and consolidate the necessary documentation. Actions and documents completed at each stage must be reviewed and updated regularly to ensure continuous data protection, including with any subcontractor.
Historique
-
Looking forward | The Macron Reforms: Staff bodies
Publié le : 04/01/2018 04 janvier janv. 01 2018NewsUp to now there was much confusion for foreign employers regarding the organi...
-
Recent case law | Religious symbols // The Islamic Veil in the workplace
Publié le : 04/01/2018 04 janvier janv. 01 2018NewsAs you may know, religious signs in the workplace is a hot topic in Europe, a...
-
New Legislation | In depth look: Protecting personal data
Publié le : 04/01/2018 04 janvier janv. 01 2018NewsIn May 2018, new European regulations on the protection of personal data will...
-
New Legislation | In brief: Macron reforms: Softening the rules regarding dismissal letters
Publié le : 04/01/2018 04 janvier janv. 01 2018NewsUp to now, in personal and economic dismissals, employers were barred from ad...
-
Do’s & Don’ts | This month: Reacting to Sexual Harassment
Publié le : 04/01/2018 04 janvier janv. 01 2018NewsThis topic has dominated the headlines the past few months, but it doesn’t on...
-
"La mise en place des nouvelles dispositions relatives au CSE dans les entreprises à établissements distincts" par Jeannie Crédoz-Rosier
Publié le : 29/12/2017 29 décembre déc. 12 2017Dans les médiasCSE : Questions pratiques sur la mise en oeuvre des dispositions de l’ordonna...