The role of a company's manager in GDPR compliance

A company's manager is the person or body that leads the company, whose mission is to make the strategic and operational decisions needed to achieve the company's objectives. Depending on the company's structure, the manager may be:

  • The Chief Executive Officer (CEO),
  • The Director General (DG),
  • The Chairman of the Board of Directors (PCA),
  • The Board of Directors (BoD) or the Supervisory Board (SB) in companies with a dual governance structure,
  • The manager or managing partner in sole proprietorships or limited liability companies (SARL),
  • The president or general secretary in non-profit associations.

The GDPR does not explicitly define the role of the "manager" of a company.

However, the GDPR imposes certain compliance obligations on data controllers, who can be considered responsible for the company's governance of personal data protection.

The data controller is the natural or legal person, public authority, partner or subcontractor or any other body which processes personal data on behalf of the controller.

The data controller is therefore in charge of the governance of the company's personal data and is responsible for implementing appropriate measures to ensure compliance with the GDPR.

Under the GDPR, the data controller is responsible for taking technical and organizational measures to ensure the security and confidentiality of personal data, ensuring transparency in the collection and use of personal data, informing data subjects of their rights and taking measures to ensure the exercise of these rights.

In summary, the manager of a company within the framework of the GDPR is the de facto data controller, who is responsible for the company's governance and compliance with regard to the protection of personal data.

The manager has numerous obligations in the context of GDPR compliance, namely:

  • Responsibility

Governance must designate a Data Protection Officer (DPO) or Data Protection Correspondent (DPC) who will be responsible for overseeing compliance with the GDPR.

  • Transparency

Governance must inform data subjects about the collection, processing and use of their personal data.

  • Consent

Governance must obtain explicit consent from data subjects before collecting, processing and using their personal data.

  • Rights of data subjects

Governance must guarantee the rights of data subjects such as the right of access, the right of rectification, the right of erasure, the right to data portability and the right to object.

  • Data protection

Governance must take appropriate technical and organizational measures to protect personal data against loss, destruction, alteration, unauthorized disclosure or unauthorized access.

  • Data Breach Notification

Governance must notify personal data breaches to the relevant supervisory authority within 72 hours of discovering the breach.

  • Data Protection Impact Assessment

Governance must carry out a Data Protection Impact Assessment (DPIA) to assess the risks to the rights and freedoms of data subjects.

In summary, governance must take measures to ensure compliance with the GDPR and protect the personal data of the persons concerned.