Consumers are now demanding more privacy and security in t he processing of their personal data.
What are the challenges for the data controller?
There are several challenges for the data controll
er – i.e. the legal or natural person who determines the purposes and means of a processing operation – to overcome at different scales:
– information management: reducing the data collected by establishing a precise commercial context, and reducing the risks by taking care of the contracts;
– communication with suppliers: being able to find solutions and evaluate each other;
– monitoring of data processing: setting up mechanisms for reporting data breaches or threats concerning suppliers (for example, if Easyjet has had a data breach, the data controller, operating in the same business sector as the airline, if notified, can redirect its decisions.
What are the risk management methods?
A more effective risk management includes precise identification of suppliers, prior audits when integrating new suppliers, automation of evaluation and control processes, and risk prevention to protect data.
What about cookies?
They are used to collect data. Their presence is materialized by the banners you find on websites that ask for your consent to collect certain data.
In summary, there are 3 types of cookies:
– cookies strictly necessary for the operation of the site;
– cookies intended to improve the performance and functionality of the site;
– advertising cookies (which will soon disappear, Firefox has already put an end to them, and Google has announced that Chrome will no longer use them in 2021).
How do I collect online consent?
Remember that in France, consent must be free, specific, informed and unambiguous (GDPR).
Nevertheless, in order to collect consent, the user must understand what he is consenting to. He must receive clear information (purpose and duration of the use of cookies, list of third parties with whom the information is shared etc…) and the data controller must be particularly attentive to the layout of his banner.
What should be the role of the DPO (Data Protection Officer) in a modern company?
If the company promotes ethics, innovation, data, then the DPO has a key role: they shed light on data collection, and bring their vision on risks from an individual’s point of view.
In the past, their role was purely administrative, but today it is different, the DPO accompanies the company on a permanent basis, but they cannot guarantee compliance on their own: they have to expand a web within the organization (with the digital or marketing departments in particular) in order to promote the essential principles.
What changes are taking place within companies, in terms of GDPR awareness?
When GDPR came into force, programs were launc
hed to raise awareness of it, , and it was necessary to mobilize the entities and ensure they had good skills (setting up e-learning internally, for example).
Despite the existing similarities in legislation, what differences persist and what are the challenges that companies have to face in this respect?
There are technical differences (in terms of data retention time, each country has its obligations) and very important cultural differences, the way in which people in different countries deal with these subjects depends on their history. Consequently, it is difficult to find “golden rules” (= harmonized rules).
How can organizations benefit from their compliance efforts?
One way to recognize that companies have done their job properly is through certifications, such as HDS certification.
Dreyfus helps you to comply with these new legislations.