Understanding the General Data Protection Regulation (GDPR)

Over the years, the issue of personal data has become a major concern for many citizens. To address this issue, the European Union has designed and implemented the General Data Protection Regulation (GDPR). In this article, we invite you to find out more about this legislative package, its rights and obligations, and its benefits for individuals within the European area.

What is the RGPD?

The General Data Protection Regulation (GDPR) came into force on May 25, 2018. This is aEuropean regulatory text whose aim is to protect the data of European Union citizens. As a result, consumers and Internet users have a right of scrutiny over how data is collected, processed and used by organizations, associations and companies.

The RGPD follows on from the French Loi Informatique et Libertés dating back to 1978, which was amended by the law of June 20, 2018 on the protection of personal data, and demonstrates the importance of the issue of respect for personal data within the EU area.

In summary, the RGPD has been designed around three pillars: 

• Strengthening people's rights ;
• Making data processors accountable; 
• Making regulation more ^credible1. 

How does the RGPD work? 

The RGPD provides a framework for the use and protection of personal data. To this end, it grants rights to users and sets obligations for any organization or company that uses it.

The CNIL (Commission Nationale de l'Informatique et des Libertés) defines personal data as " any information relating to an identified or identifiable natural person " ². 

The person can be identified: 

• Directly: by first or last name ;
• Indirectly: via a customer number or telephone number, for example. 

According to the CNIL, this identification process can also be carried out : 

• Via a single piece of data: like the social security number;
• Based on the cross-referencing of several data sets: an individual living at a certain address, born on a certain day and subscribing to a certain magazine.

-------------------------

 ^1EconomieGouv, Le règlement général sur la protection des données (RGPD), mode d'emploi, 2023

² CNIL, RGPD: de quoi parl-t-on?, accessed June 2023
‍

👉 I list my digital assets on SOLAL TECH!‍

Individual rights 

The European RGPD regulation therefore gives users access to a fairly high level of personal data protection. In addition, it offers a number of rights that it is necessary to be aware of in order to preserve them: 

• Data access: Every individual has the right to know whether an organization is collecting personal data. It is also possible to request access to personal data and demand to know why the organization is collecting it.
• Data rectification: You can check your personal data and ask for it to be modified or corrected if necessary.
• Right to be forgotten: All users have the right to request the deletion of their personal data. 
• Data processing : The customer or user may request a restriction on the data being processed. 
• Data portability: For all data based on a contract or consent, it is possible to request the transfer of data to another company.
• Right to object: The RGPD regulation offers the possibility of exercising your right to object to the processing of data

Company obligations 

Alongside these rights conferred on individuals, the RGPD regulation imposes obligations on organizations and businesses. 

• Principle of lawfulness, transparency and fairness: Before data is collected, consent must be sought from the persons concerned, and they must be informed of how the data will be used.
• Minimizing personal data: To maximize privacy protection, organizations must limit data collection to what is strictly necessary.
• Retention period: Companies are obliged to set up a data retention policy so as not to keep data longer than necessary. 
• Data confidentiality : To protect sensitive data, companies must implement all necessary technical measures.
• Data breach: In the event of a data breach presenting a risk to users' rights and freedoms, the company must inform the person concerned within 72 hours.
• Design phase: Right from the design phase of a product or service, companies need to integrate data protection.

Compliance with legal obligations is essential to avoid criminal prosecution. For this reason, companies are strongly advised to take the necessary steps to ensure compliance.

It is possible to recruit a Data Protection Officer (DPO) to comply with legislation. This expert manages compliance with laws and regulations, and liaises with the supervisory authority if necessary.

The RGPD: Numerous advantages for individuals 

It's clear that the rollout of the RGPD regulation offers multiple benefits for Internet users and users in general. The latter now have rights over all categories of processed data. 

First and foremost, users have greater control over how their personal data is used, since it is necessary for a company to ask for their informed consent. For consent to be valid, it must be expressed clearly and with full knowledge of the facts. In the case of tacit consent, the company is at fault and can be prosecuted. Added to this is the protection of stored data and greater transparency in the collection and use of personal information. 

Solal Tech & Privacy by Design

Thanks to all these highly relevant measures, you can take out subscriptions or use services with peace of mind. At Solal Tech, for example, we guarantee total transparency regarding the use of personal data. Right from the design stage of our platform, we have made data security and protection an integral part of our business model.

If you have any questions on this subject, you can contact our experts at any time. They'll tell you more about our data policy and inform you of your rights if you need clarification.

👉 To find out more, read our article on the future of our digital data.

‍