What is the General Data Protection Regulation ?

The GDPR is a new European law about the personal data protection of website’s users. It’s a real big deal for every company with an online business so we’re going to see what are the main principles of this regulation and how it will change the web.

First, let’s try to determinate what’s the scope of the GDPR.

The GDPR is intended to apply to all processing of personal data, whether automated or manual if :

• The controller or its processor has an establishment located in the European Union region.
• The controller or its processor does not have an establishment located in the European Union region but the persons whose data is being processed are located there.

In other words, this regulation applies to the majority of the companies, in the EU or not!

Then, what are the rules of the GDPR ?

The data collected must be :

• Processed in a lawful, fair and transparent manner.
• Collected for a set, explicit, legitimate purpose and not reused later for a purpose that is incompatible with the intended purpose at the time of collection.
• Appropriate, relevant and limited with regard to the purpose for which they are processed.
• Accurate and, where appropriate, updated
• Stored in a form that enables the data subject to be identified and for a period not exceeding the time required for the purpose for which the data is processed.

These are the main rules of the GDPR that your website has to follow to avoid sanctions (which can be really heavy).
If you want to be sure your website is respecting rules, contact us and our digital legal advisor and lawyer check it for you.