On May 25, 2018, the GDPR was established, born of the European will, as a legal framework to protect the processing and circulation of personal data, as determined by the CNIL. What formalities does the General Data Protection Regulation require?
Some notions to know
The General Data Protection Regulation (GDPR) is borne by any body that processes personal data. In order to comply with the GDPR, the CNIL recommends six actions: “Designate a pilot, list the files, identify high-risk processing, respect the rights of individuals, secure the data, and ensure that the service provider complies with the GDPR in the event of subcontracting”.
The CNIL offers the GDPR MOOC, a free online GDPR training course. The objective is to discover and understand the organization, and also to raise the concerned organization's awareness of this theme, especially that of the DPO (data protection). People are welcome to join the MOOC, and those who have followed all the modules and answered the questions for each training unit are given a certificate at the end of the training course. MMA has also put a technique online for assessing practices and the level of risk in relation to the new provisions of the GDPR on the collection and use of personal data.
Mastering the general regulations on data protection
The pedagogical objectives are to discover the required formalities, to determine the legal aspects, to appoint a Data Protection Officer, and to know the importance of the obligations of the GDPR. The fundamental principles are the essential notions, the competences of the supervisory authorities, and the scope of application. The roles of the DPO are to ensure the lawfulness of the processing, to raise awareness and train, to inform data subjects, to guarantee the standard of security within an organisation, to carry out a DPIA (Data Protection Impact Assessment), to keep the register of processing activities, to check data security, to manage the rights of data subjects, and to prepare for an audit.
Fines of up to €20 million are provided for organisations that infringe the GDPR. And if such a procedure is launched against the giants of the net, one has to imagine what this could mean.