Non-compliance with GDPR legislation: the impact on your company

The author: Christophe Dumoulin

Published on: 30-09-2021

Reading time: 5 minutes


The new directives in the GDPR legislation dating from 1st April 2021 apply to both private and public sector companies.

In practice, many professionals now have to become Data-Responsible: their duty is to treat data as a priority and to respond to the ethical, legal and social challenges that arise from using data in new and different ways, all while respecting users' privacy.

What is the GDPR legislation?

The GDPR: definition

The GDPR - or General Data Protection Regulation - is a set of rules designed to regulate the use (and processing) of personal and sensitive data. These directives are an extension of the French Data Protection Act of 1978.

Its goal? To strengthen the control of the exploitation of users' data to protect their privacy and their personal information.

What is personal data?

Personal data, including sensitive data, covers "any information relating to an identified or identifiable individual"[1]. This can be:
  • identity (first name/surname)
  • location
  • political and philosophical opinions
  • sex life
  • image...
The GDPR provides a framework for the processing of this personal data. Professionals must therefore be able to justify their use of it and prove its compliance and security.

The GDPR: who is concerned?

According to the CNIL, the GDPR "applies to any organization, public or private, which processes personal data on its own behalf or not, as long as it is established on the territory of the European Union, or its activity directly targets European residents"[2].

Whatever your activity, your sector or your location, you are concerned by the GDPR if you process personal data.

GDPR legislation: what are the issues and duties?

Being Data-Responsible encompasses a variety of issues that are sometimes considered separately, such as privacy and data protection, the need for transparency, or ethical challenges. For each of these to be truly addressed, they must be considered as a whole and addressed comprehensively.

The objective of a Data-Responsible professional is to guarantee the strict confidentiality of users' data. They commit to demonstrating respect and restraint, in the sense of digital responsibility, in the collection and processing of personal data.

Companies have a duty of transparency regarding their collection work and must obtain the consent of their users and customers.

How to ensure compliance with the GDPR?

Any company responsible for processing personal information must comply with the GDPR data protection legislation. This involves four steps:

  • Identify the activities that use (and need) data collection, to get a comprehensive view of data use and processing;
  • Sort data by sensitivity level;
  • Respect withdrawal rights and consent;
  • Secure the use and processing of all data.

Good to know

Although the GDPR was not initially well received, it is no longer perceived as a mere obligation or constraint. Companies that guarantee the protection of sensitive data are highly appreciated by Internet users and win the confidence of their clients and prospects more easily. They thus demonstrate their transparency and their reliability, a real positive for user engagement and brand image.

What impact on the private/public professional sector?

The General Data Protection Regulation considerably reorients current practices by making Internet users' privacy and data security a central issue in the management of digital assets.

Not only does it invite all the stakeholders of a company or public organization (CDO, CFO, DPO, analysts, etc.) to sit around a table to discuss:

  • data,
  • security,
  • customer experience,
  • marketing,
  • ethics,
  • transparency,
  • confidence...

But it also triggers an overhaul of practices and processes to become a Data-Responsible company.

In addition, the speed and frequency of updates to digital ecosystems will require investments to continuously audit, monitor and correct all parameters of the current regulations.

How to ensure regulatory compliance?

After more than 2,000 audits conducted with Data On Duty, we observe that the most advanced professionals are those who work on the 4 main themes required by the regulation for the 3 modes of consent: accepted, refused, ignored. This includes:

  • differentiated triggering of tracking technologies;
  • the rules of conformity relating to the sending and reading of cookies (setting, expiration, securing...);
  • storage of local and session data;
  • data transport across domains, sub-domains, third parties...

In addition, these professionals have taken into account the frequency of updates to sites and Web Apps by auditing, at a sufficiently high frequency, the risk of untimely, inappropriate or unwanted changes to their digital environments: third-party cookies, cookie settings, piggy-back tags, bouncing of third-party requests, securing data transport within the site/application, an inoperative CMP, and so on.
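As an added illustration of the audit themes above (not Data On Duty's tooling), the following script checks a set of Set-Cookie headers against the consent state in effect, flagging non-essential cookies set without consent, missing Secure/SameSite attributes, and lifetimes beyond a policy limit. The cookie purposes, the sample headers and the MAX_LIFETIME_DAYS limit are constructed assumptions, not values from the article.

```javascript
// Added example, not the article's or Data On Duty's code.
// Consent state is one of the article's three modes: "accepted", "refused", "ignored".
const MAX_LIFETIME_DAYS = 395; // assumed policy limit; set it to your DPA's guidance

// Parse one Set-Cookie header into the attributes the audit needs.
// Only Max-Age is used for lifetime; an Expires attribute is left unparsed.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map(s => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
                   secure: false, httpOnly: false, sameSite: null, maxAgeDays: null };
  for (const attr of attrs) {
    const [k, v] = attr.split("=");
    const key = k.toLowerCase();
    if (key === "secure") cookie.secure = true;
    else if (key === "httponly") cookie.httpOnly = true;
    else if (key === "samesite") cookie.sameSite = v;
    else if (key === "max-age") cookie.maxAgeDays = Number(v) / 86400;
  }
  return cookie;
}

// Audit headers against the consent state; returns a list of findings.
// purposes maps cookie name -> "essential" | "analytics" | "advertising" | ...
function auditCookies(headers, consent, purposes) {
  const findings = [];
  for (const h of headers) {
    const c = parseSetCookie(h);
    const purpose = purposes[c.name] || "unknown";
    if (purpose !== "essential" && consent !== "accepted")
      findings.push(`${c.name}: ${purpose} cookie set while consent is "${consent}"`);
    if (!c.secure) findings.push(`${c.name}: missing Secure`);
    if (!c.sameSite) findings.push(`${c.name}: missing SameSite`);
    if (c.maxAgeDays !== null && c.maxAgeDays > MAX_LIFETIME_DAYS)
      findings.push(`${c.name}: lifetime ${Math.round(c.maxAgeDays)} days exceeds policy`);
  }
  return findings;
}

// Constructed sample: a session cookie and a two-year analytics cookie.
const SAMPLE_HEADERS = [
  "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax; Max-Age=3600",
  "_ana=xyz; Path=/; Max-Age=63072000",
];
const SAMPLE_PURPOSES = { session: "essential", _ana: "analytics" };

for (const consent of ["accepted", "refused", "ignored"])
  console.log(consent, auditCookies(SAMPLE_HEADERS, consent, SAMPLE_PURPOSES));
```

Run the same check on each page load in a browser automation job to catch the untimely changes the article mentions, such as a tag that starts setting cookies before the CMP has recorded a choice.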

The objectives of these companies are ambitious and must be shared by the whole organization within a short time horizon, for an ethical, Data-Responsible company, listening to its customers on privacy aspects, and transparent on data use.

How to restore trust, regain consent and protect the company?

It is not always easy to gain the trust of users and obtain their consent, especially if the data processing does not seem reliable or secure.

To this end, it is essential to be pragmatic: focus initially on the themes mentioned above, and record the audits and the processing carried out so that, in the event of an inspection, you can provide proof of the method, the means and the results. Becoming a Data-Responsible company is a path that can easily take time.

Start right away by prioritizing people's rights to consent, privacy, security and property when using data as part of social change and regulatory compliance efforts. This is a sign of change and a great way to rebuild trust with visitors to regain consent rates.

If a company wants to collect customer data, it must be transparent and have many tools to reassure users and prove its good faith. Implementing values and practices of transparency and openness is a time-consuming investment. However, it is the best way to secure the value of the company in its digital model.

At Data On Duty, we guarantee the confidentiality and respect of the personal data of Internet users. Need help to comply with the GDPR legislation?

[1] Source: CNIL

[2] Source: CNIL
