GDPR: Personal data has indeed changed status

Excerpt from Bruno DUMAY's book: GDPR DECRYPTION – For Managers, Strategic Departments and employees of companies and organizations – Preface by Gaëlle MONTEILLER

The General Data Protection Regulation (GDPR) is now the European standard for the protection of personal data within the European Union. A "regulation," unlike a "directive," is applicable in all EU member states, without the need for transposition into national law (France being France, a law on the protection of personal data is currently being discussed in the National Assembly and the Senate).

The GDPR aims to protect European Union citizens from unwanted use of their personal information. As of May 25, 2018, the date the GDPR came into force, a company (or an association or government agency) can no longer use personal data for purposes to which its customers, users, or employees have not given their consent. The principle is simple: the data belongs to the data subjects, and this right is imprescriptible.

If an individual feels aggrieved, they can easily take their case to the supervisory authority (CNIL in France) and the courts to assert their rights. It will then be up to the company to prove that it has acted in compliance with the regulation. If this is not the case, the penalties will be particularly high, likely to jeopardize the company's long-term viability.

The following summary has been prepared to enable managers, strategic departments, and more generally those responsible for and involved in data processing to understand their obligations and act accordingly. No doubt some of you are already more or less prepared, while others are not yet. In any case, the goal is not to prevent you from working, but rather to help you practice your profession in accordance with the rules, which are demanding and essential.

As you will discover in this reading, the regulation and the new rules of the game that constitute it, mark the advent of a new era, and this is not an understatement. Because it is a revolution that will change our habits, commit us to a process of profound change.

Once GDPR compliance is achieved, it must be managed to remain compliant, to stay in line, as they say. Companies that comply with it will demonstrate great transparency towards their customers or consumers of their products or service offerings and therefore create, strengthen, or regain their trust.

The GDPR is a fabulous opportunity for companies that will seize it with enthusiasm, seriousness, and pragmatism. It is even a major strategic challenge, undoubtedly a lever for growth and pro-business value, and in any case an ethical guarantee of the relationship with the person, the employee or collaborator relationship, the subcontractor or partner relationship, the customer relationship... the relationship in general. By purifying these countless aspects of the relationship with others, in this new world where the cards are redistributed, there will be more room for respect, trust, and the joy of working, exchanging, or trading together. So welcome to the era of the Human relationship, in the noblest sense of the expression!