GDPR: main principles

GDPR and its main principles

Following the GDPR webinar, we are offering a series of four articles on the subject:

  • Origin and Scope of the GDPR
  • Personal Data: What You Can Do with It and How
  • The Main Principles of the GDPR
  • Practical Cases

In this third article, we will focus on the main principles of the GDPR. We have already covered the origin and scope of the GDPR, then the processing of personal data. Finally, in the last article, we will look at typical examples.

Information system protection must be implemented at both the hardware and software levels (ISO/IEC 20000 and 27001 standards), and all critical incidents must be reported to the relevant data subjects and to the supervisory and advisory body. A Data Protection Officer must exist within the company; this function can be outsourced. They are the contact person for the CNIL (in France) and have the status of an independent but unprotected employee. Exceptions exist for companies with fewer than 250 employees.

Any processing must preferably have undergone a legal and technical impact assessment conducted by a Data Protection Officer, and in all cases a record of processing operations must be kept by a data controller.

Regarding the individuals whose personal data is processed, they must be informed in a clear and intelligible manner; given the opportunity to view, modify, or delete some or all of the information concerning them (for example, the Terms and Conditions must be separated from consent); and finally, be able to retrieve this data in an open and documented format (XML, JSON, CSV, etc.), supplemented by any metadata useful for its interpretation. A right to be forgotten must be automatically implemented.

In summary, the CNIL has defined six points that allow any processing to comply with the GDPR (see the CNIL article):

  • Relevance
  • Transparency
  • Respect for rights
  • Control
  • Risk management
  • Security

Some links for further information

Tools
  • Anssi IT Hygiene Guide
  • CNIL tutorial
  • CNIL tool for conducting an impact assessment (can be adopted as needed)
  • Data Protection Officer (DPO)

Personal data
  • Good practices for personal data protection
  • Right to portability
  • Right to be forgotten

Standards and introductory MOOCs
  • Acronyms to know for evaluating the security of cloud offerings
  • ISO/IEC standards: 20000, 27001
  • Introductory MOOC: Cybersecurity by Anssi
  • GDPR by CNIL

Article
  • You cannot block access to a site for refusing cookies or other tracking tools