In an era when technology is at its peak, its constant impact on daily life is marked by a climate of mistrust felt by individuals towards companies that they deem negligent in the use of their personal data.
From this has emerged a European will to put in place unified regulations, with the intention of codifying the proper management of personal data.
Far from being a constraint for businesses, this new regulation is a gamble to restore transparency between consumers and businesses, in order to restore a climate of trust that is essential to a more pleasant customer experience and a win-win relationship.
But if this regulation aims to protect the privacy of European Internet users, its repercussions are very strict on companies that collect data, and can lead to heavy sanctions if they fail to obey the principles of this legislation.
What does GDPR mean?
The GDPR aims to solidify the legal framework around the protection of personal data, giving back to European citizens control over their data. But in short, what is personal data? The concept of "personal data" has a broad definition: it is "any information relating to an identified or identifiable natural person". Identification can be direct, through a surname, first name or postal address, or indirect, through an identifier, an IP address or a number. To summarize, whether it is a date of birth, city, or sexual orientation, any information that could identify a person is included in the notion of personal data that the GDPR aims to protect.
What is the purpose of the GDPR?
The acronym GDPR, which stands for the "General Data Protection Regulation", is a recent piece of legislation that was drafted in May 2016 with the aim of establishing a genuine legal framework for the protection of personal data and which has been in force since May 25, 2018. It represents a true reference text concerning the protection of all personal data in Europe, detailed in more than 88 pages that you can consult free of charge online.
The new European law has multiple objectives, the most ambitious of which are the following:
- To standardize European legislation relating to the protection of personal data by reinforcing control and applying similar laws and sanctions throughout the European Union.
- To make the organizations that handle data accountable by imposing a new method of data management.
- To create simplified regulations that companies can easily adopt.
- To give individuals back control over their personal data by strengthening their rights.
Which companies are concerned?
- The scope of the GDPR is broader than one might think because it concerns any company, private or public, regardless of its size or workforce, that is headquartered in the European Union. The regulation also impacts companies that are not established in the European Union but whose activity collects and processes personal data of European residents or which offer services on the European Union market.
- The organizations concerned must comply with the obligations of the GDPR as of May 2018.
Are there sanctions in case of non-compliance?
Companies that ignore the provisions of the GDPR run the risk of incurring heavy financial and administrative penalties. If the company is found to be non-compliant during an inspection, a penalty ranging from a simple warning to a formal notice may be imposed. The suspension, limitation or deletion of data flows may also be ordered.
Furthermore, if a penalty is imposed, depending on the degree of the infringement, the amount of the fine may be as high as 20 million euros, or 4% of the company's worldwide annual turnover.
Conclusion
Currently, non-compliance with the GDPR is the equivalent of a sledgehammer blow to your business. As binding as it may be, compliance with the GDPR must be one of your immediate priorities so that you are no longer exposed to heavy penalties.
If your company collects data on European citizens, or if your company is located in the European Union, then you are directly concerned by this new regulation.
Thanks to Comparolux, our team is committed to supporting you at every step of the way in your efforts to comply with the GDPR, and will put you in touch with various firms specialized in this field. Comparolux offers you the possibility to start the procedure right now, as we provide you, through our platform, the opportunity to elaborate a free GDPR quote adapted to your structure.
Take the first step now and fill out this form to request a free GDPR quote with Comparolux.