The new directives in the GDPR legislation dating from 1st April 2021 apply to both private and public sector companies.
In fact, many professionals have to become Data-Responsible. Their duty is to give priority to data and to respond to ethical, legal and social challenges. All of this, while respecting the privacy of users, which results from the use of data in new and different ways.
What is the GDPR legislation?
The GDPR: definition
The GDPR - or General Data Protection Regulation - is a set of rules designed to regulate the use (and processing) of personal and sensitive data. These directives are an extension of the French Data Protection Act of 1978.
Its goal? To strengthen the control of the exploitation of users' data to protect their privacy and their personal information.
What is personal data?A personal data - or given sensitive - includes "any information relating to an identified or identifiable individual1. It can be :
The GDPR : who is concerned?
According to the CNIL, the GDPR "applies to any organization, public or private, which processes personal data on its own behalf or not, as long as it is established on the territory of the European Union, or its activity directly targets European residents "2.
Whatever your activity, your sector or your location, you are concerned by the GDPR if you process personal data.
GDPR legislation: what are the issues and duties?
Being Data-Responsible encompasses a variety of issues that are sometimes considered separately, such as privacy and data protection, the need for transparency, or ethical challenges. For each of these to be truly addressed, they must be considered as a whole and addressed comprehensively.
The objective of a Data-Responsible professional is to guarantee the strict confidentiality of users' data. He is committed to proving the respect and sobriety of digital responsibility in the collection and processing of personal data.
Companies have a duty of transparency regarding their collection work and must obtain the consent of their users and customers.
How to ensure compliance with the RGPD?
Any company responsible for processing personal information must comply with the RGPD data protection legislation. For this, 4 possibilities:
- Identify activities that use (and need) data collection to get a comprehensive view of data use and processing;
- Sort data for sensitivity level;
- Respecting withdrawal rights and consent;
- Secure the use and processing of all data.
Good to knowIf the RGPD has not been very well received, it is (now) no longer perceived as an obligation/constraint. Companies that guarantee the respect of sensitive data are highly appreciated by Internet users and win more easily the confidence of their clients and prospects. They thus demonstrate their transparency and their reliability. A real positive for better user engagement and brand image.
What impact on the private/public professional sector?
The General Data Protection Regulation considerably reorients current practices by making the issue of Internet users' privacy and data security a central issue in the management of digital assets.
Not only does it invite all the stakeholders of a company or public organization (CDO, CFO, DPO, analysts, etc.) to sit around a table to discuss :
- customer experience,
But it also triggers an overhaul of practices and processes to become a Data-Responsible company.
In addition, the speed and frequency of updates to digital ecosystems will require investments to continuously audit, monitor and correct all parameters of the current regulations.
How to ensure regulatory compliance?
After more than 2,000 audits conducted with Data On Duty, we observe that the most advanced professionals are those who work on the 4 main themes required by the regulation for the 3 modes of consent: accepted, refused, ignored. This includes:
- differentiated triggering of tracking technologies;
- the rules of conformity relating to the sending and reading of cookies (setting, expiration, securing...);
- storage of local and session data;
- data transport in domains, sub-domains, third parties...
In addition, these professionals have taken into account the frequency of updates to sites and Web Apps by auditing - at a sufficiently high frequency - the risks of untimely, inappropriate or unwanted changes to their digital environments. Whether it's third-party cookies, setting cookies, piggy-back tags, bouncing of third-party requests, securing data transport within the site/application, inoperative CMP, etc.
The objectives of these companies are ambitious and must be shared by the whole organization within a short time horizon, for an ethical, Data-Responsible company, listening to its customers on privacy aspects, and transparent on data use.
How to restore trust, regain consent and protect the company?
It is not always easy to gain the trust of users andobtain their consent. Especially if the data processing does not seem to be reliable or secure.
In this, it is essential to be pragmatic and to focus, initially, on the themes previously mentioned and to record the audits and treatments in order to bring, in case of control, the proof of the method, the means and the results. The task of a company to become Data-Responsible is a path that can easily take time.
Start right away by prioritizing people's rights to consent, privacy, security and property when using data as part of social change and regulatory compliance efforts. This is a sign of change and a great way to rebuild trust with visitors to regain consent rates.
If a company wants to collect customer data, it must be transparent and have many tools to reassure users and prove its good faith. Implementing values and practices of transparency and openness is a time-consuming investment. However, it is the best way to secure the value of the company in its digital model.
At Data On Duty, we guarantee the confidentiality and respect of the personal data of Internet users. Need help to comply with the RGPD legislation?