- Category: Legislation
Understanding GDPR for French companies
Just a few months ago, a new European legislation to protect the data of European citizens just went into effect: the General Data Protection Regulation (GDPR). If you’ve got a European company or even just European clients, this is something you need to pay attention to.
Am I concerned by the GDPR?
If your company has any personal data on European Citizens, then you have to be wary. It doesn’t matter what you do with this data, just like it doesn’t matter how large your company is; this piece of legislation concerns you.
As for what exactly is meant by “personal data”, this is voluntarily defined in a very broad fashion. If a piece of data makes it possible to identify someone, even if it’s by combining it with other data, then it is concerned by the GDPR. Even if you can’t identify them by name, and only by phone number, credit card number, e-mail address, etc., it is still considered “personal data”.
What does the GDPR state?
Basically, it states that everyone has rights that you must respect when gathering their personal data.
As such, when you gather someone’s data, it’s imperative that they know that data is being gathered, what you’re going to do with said data, that they have access to this data if they so desire. In particular, they have to be able to modify it and even demand it be erased.
Furthermore, not only are the rules stricter, but the potential sanctions are harsher as well: if your company doesn’t respect these rules, it can pay a fine of up to 20 million euros or 4% of your turnover (whichever’s higher).
Thankfully, because it’s such a constraining piece of legislation, the European Commission has stated that it will be relatively lenient within the first month because a period of adaptation is necessary.
If you’ve found that the GDPR concerns your company, then it might be worth your time to take a look at what my company should do to comply with GDPR regulation.