Following the webinar on the GDPR, we are offering a series of four articles on the subject. Origin and Scope of the GDPR Personal Data: What You Can Do with It and How
- The Main Principles of the GDPR
- Practical Cases
- In this final article, we will look at typical cases. We have already covered the origin and scope of the GDPR, then the processing of personal data, and finally the main principles of the GDPR.
- First case: managing the rights of internal and external users.
For each user, their rights (consultation, modification, deletion) must be determined, and each time, whether they are total or partial. Of course, these rights can be revoked if necessary. The storage of information and passwords should preferably be encrypted.
A breach of one of these principles can lead to a conviction. Second practical case: Backup management
This must be multi-media, both in terms of physical media and location. It must be regular, and the timeframe for updating from the last backup must be determined. And, of course, backups must be tested. Third practical case: The reason for the right to be forgotten For example, in the case of a professional CSP++ database, by applying the automatic right to be forgotten, a third of the database had become obsolete. This means that for a normal database, approximately half of the data could be affected. Launching a marketing campaign without first cleaning the database can double the cost of the campaign. Some links for further information SanctionsList of sanctions imposed at the European level Example of a formal notice, that of Direct Énergie for Linky Some key convictionsBarreiro Hospital
(€400,000)
British Airways
(€200 million) Marriott (€110 million) Articles Failure to manage backups by GLI(service provider managing 40% of the French press) Erasure by Swisscom of hundreds of customer records
MyCloud