GDPR is a European regulation that came into force in May 2018 in the 28 European countries. In France it extends the 1978 law “Informatique et Libertés”. People have new rights to access, modify or delete the data held about them by the organizations processing it. One particular change is that a person should now always have given their consent (opt-in) for the processing of personal data. People's requests can now be addressed directly to the organizations processing the data or to the regulator.
Protecting the personal data captured by administrations and companies is crucial to privacy protection and individual freedom. CNIL (Commission Nationale de l'Informatique et des Libertés) is the regulator in charge of enforcing GDPR in France. As such, it can impose large penalties on organizations that do not abide by GDPR principles. This applies not only to organizations located in France, but to any institution processing personal data from European citizens from anywhere in the world. This is particularly true for GAFAM.
The primary objective of the new regulation is to reverse the responsibility of organizations: they no longer have to ask the regulator for permission, but must ensure by themselves that they comply with security and legal practices regarding personal data collection and processing. Organizations no longer have to declare their files of personal data to the CNIL. Conversely, the responsibility is now theirs to make sure personal data is safe and GDPR compliance is met. Organizations must be in a position to prove at any time that they have correctly archived their personal information, that they are able to respond to an incident and that they have done their due diligence in securing the data they hold. Sensitive data and voluminous data processing must be subject to a specific risk analysis called a Privacy Impact Assessment. Organizations must be able to prove such precautions for themselves as well as for their subcontractors in data processing.
Personal Interactor helps companies tackle these compliance requirements by making GDPR easier to understand as a whole and easier to set up in the organization using standard practices.