All about the RGPD

Find below the obligations of the RGPD as well as the answers to the questions you regularly ask yourself.

What is the RGPD?

Why you need to take action

4 YEARS LATER, NO ONE IS SUPPOSED TO IGNORE THE SUBJECT

While there may have been some tolerance at the beginning, today everyone has been widely informed. It is impossible to pretend not to be aware.

THE CNIL IS INCREASINGLY INTERESTED IN SMALL AND MEDIUM-SIZED COMPANIES

  • The role of the CNIL: facilitator, but also supervisory authority
  • Priority was initially given to large groups, which have now done a large part of the necessary work
  • In the event of an inspection, the CNIL can issue formal notices and, in some cases, impose fines
  • The CNIL's 2021 annual report counts:
    • nearly 15,000 complaints
    • fines totalling more than 214M€ (+55% compared to 2020)
    • 384 inspections
  • In April 2022, the CNIL adopted a system of simplified sanctions of up to 20,000€, aimed in particular at SMEs, VSEs and self-employed people.

INDICATORS IN CLEAR PROGRESSION

The CNIL's 2021 report once again shows the growing awareness of citizens, who can contact the CNIL when they feel that their rights are not being respected. The number of complaints received by the CNIL has doubled in five years, despite a stabilization during the COVID period. Some of these complaints may lead to company inspections.

Graph of CNIL complaints concerning the RGPD

In addition, the CNIL receives all data breach notifications reported by companies or organizations that are victims of incidents or hacks that compromise personal data. Even though a portion of these events go unreported, the number of notifications jumped by 79% in 2021.

Interestingly, over the year 2021, 26% of these notifications come from micro-businesses and 43% from SMEs. This confirms that the smallest structures are particularly exposed to attacks and sometimes insufficiently protected.

WHAT ARE THE OTHER RISKS OF INACTION?

  • First, you risk losing the trust of the customers and prospects who entrust you with their data if you do not show them that you are protecting it
  • The other major risk is the accidental leakage of data or malicious action (hacking, ransomware, etc.)
  • In this respect, it's a bit like "RGPD & cyber security, same fight"
  • Don't forget that taking data security into account is a requirement of the RGPD
  • You must absolutely implement security measures, both at the IT level and within your organization
    • At the technical level, it is necessary to think about:
      • antivirus
      • an effective password system
      • software updates
      • etc.
    • At the organizational level:
      • staff training
      • confidentiality clauses
      • IT charter
      • etc.

Good GDPR compliance therefore limits the risks of fraud and data leakage.

ABOVE ALL, BEING IN COMPLIANCE BRINGS MANY CONCRETE BENEFITS

  • "Getting things squared away"
  • Show your clients and partners that you take the subject seriously
  • Educate your colleagues and collaborators about privacy
  • No more fear of CNIL or customer audits
  • Think about the risks related to the management of personal data
  • Implement security measures commensurate with your organization's risks
  • Collect data in compliance with regulations
  • Show on your website that you have taken privacy into account
  • Be able to respond to requests for access and rectification
  • Implement an end-of-life data archiving and destruction policy

How to comply?

WHERE TO START?

  • LAWYERS, CONSULTANTS AND OTHER SERVICE PROVIDERS SEEM TOO EXPENSIVE?
  • TOO COMPLICATED TO GO ALONE?
  • IN SHORT, YOU DON'T KNOW WHICH WAY TO TAKE IT?

HERE ARE SOME ALTERNATIVES TO BRING YOU INTO COMPLIANCE

  • Do nothing
  • Do everything internally using tools and support materials
  • Involve a service provider (lawyer or specialized counsel)
  • Entrust the whole thing to an external DPO

By weighing the "pros and cons", you will undoubtedly see that there is no perfect solution: each company or structure has a particular need and a specific context. The cost and time investment must be taken into consideration, now and in the future.

OUR TIPS FOR COMPLIANCE

  • Aim for sustainable compliance
    • Not just a "one-shot" mission
    • Rather, a program that is sustainable and can be truly integrated
      • Easier when your processes change
      • Easier to proceed in "homeopathic doses" (small steps)
  • You can't delegate everything: it's your business, your processes, your customers, etc.
    • You must have a command of the subject even if no one in your company is dedicated to it
    • Above all, you must be able to honour your commitments, e.g. on data processing and deletion
  • A 360° approach that addresses all the RGPD issues in all their dimensions
    • Not just the personal data policy
    • Not just a legal or technical approach
  • Keep it simple, aim for 80/20
    • Prioritize topics
    • Use proven models, no need to "always reinvent the wheel"
    • For example, the data policy must be simple and easy for the average person to understand

GDPR FOLDER HAS REAL ASSETS TO HELP YOU IN YOUR APPROACH

  • A very affordable cost compared to the alternatives
  • You start immediately
  • You can move forward independently and complete the questionnaire
  • You quickly know where you stand
  • You have all the legal documents needed to "correct course"
  • Your RGPD file is built up as you go along
  • Etc.

GDPR FOLDER IS A SMART SOLUTION FOR YOUR COMPLIANCE

GDPR Folder is the solution for small and medium-sized businesses, self-employed professionals, associations and other public structures.

You have a result indicator that shows you the evolution of your compliance.

You can start immediately, and in a few hours you will be able to show your efforts.

GDPR Folder allows you to demonstrate your compliance with the RGPD to your customers, your prospects, your employees and, in the event of an inspection, to the authorities.

Thanks to GDPR Folder, compliance becomes a rapidly attainable goal.

Take 2 minutes to test yourself on the RGPD: you'll know!

Choose one of our no-obligation tests to quickly get a precise idea of the "RGPD risk" for your activity, or of your level of preparation with regard to the RGPD...

Objective: these questionnaires allow us to provide you with an insight into your activity in terms of RGPD. The results communicated and the advice shared are indicative with the sole objective of making you aware of the importance of the RGPD in your field.

How it works: these tests are free and without obligation. All you have to do is answer the few questions in the way you think best suits your business. We ask for your email address in order to guarantee the uniqueness of the answer and to allow us to communicate the results to you in a personalized way.

Data: your email address will not be given or shared with third parties for any purpose whatsoever. By clicking on the SEND button on any of the questionnaires, you agree to our Privacy Policy, which you can view and download below.

Privacy Policy (for test questionnaires)