GDPR & DATA
CHAPSVISION assists and equips you in your GDPR compliance through 3 major actions
EQUIP YOURSELF WITH COHERIS GDPR TEXT-CONTROL
This software monitors, in real time or asynchronously, potentially sensitive data entered in the free-text fields of your applications, such as your CRM.
Coheris GDPR Text Control suggests replacing expressions forbidden by regulations with more appropriate wording.
ESTABLISH THE MAPPING OF YOUR DATA
We offer a service that collects all the free-text fields of your applications, the sensitive data and the data prohibited under the European regulations in force, and gives you a map of them in the form of dashboards.
TRAIN ON THE GDPR
The goal of this one-day training session is to increase your teams’ competence and awareness of personal data, to make them operational and avoid the risks of GDPR non-compliance.
WHAT YOU NEED TO KNOW ABOUT THE GDPR
GDPR: DEFINITION
- RGPD (Règlement Général sur la Protection des Données) in French
- GDPR (General Data Protection Regulation) in English
It is a regulation of the European Parliament and of the Council of the European Union (EU Regulation 2016/679) adopted in 2016 for entry into force in May 2018.
It aims to harmonize the governance of personal information within the member countries of the European Union, particularly in terms of the security and protection of personal data held by companies.
THE 3 MAJOR OBJECTIVES OF THE GDPR ARE AS FOLLOWS
- Strengthening the rights of individuals: including the creation of a right to portability of personal data and provisions specific to minors
- Making those who process data accountable: data controllers and processors
- Making regulation credible: through enhanced cooperation between data protection authorities, which will be able to adopt joint decisions when data processing is transnational, and through strengthened sanctions.
WHICH COMPANIES ARE AFFECTED BY THE GDPR?
The rules of the GDPR apply to all private or public companies in the 28 Member States of the European Union and more specifically to companies that:
- offer goods and services on the EU market.
- collect and process personal data on EU residents.
- The Regulation also applies to non-EU companies, as long as they collect and process personal data on EU residents.
RISKS IN CASE OF NON-COMPLIANCE
The CNIL reminds us that:
“At the end of controls or complaints, in the event of ignorance of the provisions of the RGPD or the law on the part of data controllers and subcontractors, the CNIL’s restricted training may impose sanctions on data controllers who do not comply with these texts.
With the GDPR (General Regulations on Data Protection), the amount of financial penalties can amount to up to 20 million euros or, in the case of a company, up to 4% of its annual worldwide turnover. These sanctions may be made public.”
Inspections are increasing and fines are multiplying.
THE 4 MAIN PRINCIPLES TO BE RESPECTED
Since 25 May 2018, the consent of individuals to the collection and processing of their personal data must be explicit and “positive”.
If you process personal data, you must be able to prove, in the event of an inspection by the CNIL (Commission Nationale de l’Informatique et des Libertés), that this consent was collected.
This notion is intimately linked to consent: it is the condition for explicit and informed consent. Clearly, there must be no ambiguity in the information given to individuals about how their data will be processed.
- Rights of persons
In order to strengthen the rights of natural persons, new principles have emerged:
- A right of easy access for all
- A right to be forgotten for all
- A right to restriction of processing
- A right to data portability
This requires organization and tools.
The EU has put in place various measures aimed at making companies responsible for the processing of personal data:
- Obligation for companies to document all measures and procedures relating to personal data
- Reinforcement of security measures
- The principle of “privacy by design”
- Management of subcontractors
- Notification in the event of a security breach
- The obligation to appoint a Data Protection Officer for companies that process sensitive data or data on a large scale.
- The abolition of the obligation to declare to the CNIL.