The new General Data Protection Regulation is tightening up the personal data management practices of organisations in general, and digital players in particular.
When the regulation was published, Cegid began a compliance programme for its own solutions and internal data management, and is now making its expertise available to its customers. In this document, we will present the content and challenges of GDPR, with a focus on the role of the Data Protection Officer (DPO), and a summary of our expertise in the subject.
Presentation and Challenges
25th May 2018 saw the introduction of new EU legislation, the General Data Protection Regulation (GDPR), a new law by the European Commission. Its provisions apply in the 28 countries of the European Union to every organisation in the world that provides goods and services to European citizens, and those that store, host and handle the personal data of European residents.
The growing importance of digital technology in individuals’ everyday lives makes it easier for organisations to use personal data. Where their aims are profiling, personalisation and monetisation, these practices need to be adapted, both to improve the protection of individuals’ personal data and to help organisations to introduce standardised and transparent data governance, making it easier to run high value-added analytical programmes (know your customer and personalisation, risk and fraud management, etc.).
The aim of GDPR is to “give control back to citizens over their personal data, while also simplifying the regulatory environment for organisations”. These provisions will profoundly alter the way in which organisations collect, manage, store and protect personal data.