Important note:
These explanations are provided by Visible in simplified form. They do not provide exhaustive details of the many facets of this new European legislation. It is up to each company or organisation concerned to study individually the actions required to comply with this legislation.
If necessary, don’t hesitate to contact your internal legal department or to get advice from a specialist law firm.
The General Data Protection Regulation (GDPR) is a privacy law enacted by the European Union (EU). It will affect
companies worldwide when it comes into force on 25 May 2018. This regulation defines the way in which an
organisation processes or uses the personal data of EU citizens, including organisations located outside the EU.
Personal data is data which, used alone or combined with other data, identifies a person.
If you collect, modify, transmit, use or store the personal data of EU citizens, you must comply with the GDPR.
The GDPR replaces an older directive on data confidentiality, directive 95/46/EC which was adopted before the
emergence of social networks, Big Data, Cloud computing and the Internet of Things.
Without getting into the often complex legal details, here are a few points we suggest you consider in order to comply with this new legislation.
Communicate transparently to your customers, staff and suppliers regarding the processing of their personal data. Provide information in a manner adapted to the target group.
A company or organisation may process personal data if the person concerned has clearly consented to this. Each consent must:
It is necessary that each activity processing personal data has a determined, explicit and legitimate purpose. If this data is reused for a purpose other than the initial purpose, it must be guaranteed that the new use of the data is compatible with the first use, or the person must be proactively informed of the new purpose.
Data accuracy and quality
It is necessary to actively check the data in your possession to detect incorrect email addresses and verify compliance with other related information such as the first name and surname of the person, the postcode and the street name. If required, contact the person if you suspect that the data concerning them is incorrect and adapt it if necessary.
Minimal data processing
The legislator’s idea is to restrict the amount of information concerning each person to a strict minimum. As an example, avoid storing postal contact details if you only communicate with your contacts via email.
Sort the data processed and ask yourself if it is really necessary to keep all this data. You can probably achieve the same objective by using less data or by storing less sensitive data.
Establish an inventory of the retention period of all personal data you process and always provide reasons why you still need this data. You should also use a retention policy with differentiated access.
Security and legality of data processing
From the moment you collect personal data, you should implement technical and organisational measures to guarantee the safety of this data.
Technical measures are taken in the company’s IT system allowing, for example, restricted access to the internal data or protection of the latter through encryption.
Organisational measures consist of measures specific to internal data management.
Register of processing activities
Companies and organisations processing personal data are required to keep a register of processing activities. This obligation applies to large companies (those employing 250 people or more) and to smaller companies that regularly process personal data within the context of their business.
The register must mention:
In your communications, you use, record, store and manage personal data concerning your customers, prospects,
suppliers, partners, etc.
Therefore, we recommend you take the directives relating to the new General Data Protection Regulation (GDPR)
into account when processing this data.
We recommend you consider the following recommendations depending on the digital communication tools your
company or organisation has.
It is necessary to add or amend the “privacy” page on your website.
This must answer the following questions:
To facilitate visitors' navigation on your website and optimise its technical management, the use of “cookies” has
become widespread over the last 15 years.
A “cookie” is a small piece of information saved by a website within your computer’s Internet browser. This “cookie”
can be recovered on a subsequent visit to this same site. The “cookie” cannot be read by a website other than the
website that created it. The site uses “cookies” for specific purposes, for example, to record your preferences for
certain types of information, which avoids you having to enter the same information using the keyboard each time you
visit our website.
Most “cookies” only work for one session or one visit. None of them contain information that would allow you to be
contacted by phone, email or post. It is also possible for you to configure your browser to inform you each time a
“cookie” is created or to prevent them being saved.
information on managing cookie preferences.
You must inform your website's users/visitors of the nature of the cookies stored and give them the option of
accepting or refusing them, either for the entire site and all the services, or on a service-by-service basis.
It is also preferable to use a “pop-up” window giving a first view and then redirecting to the cookie guidelines. This “pop-up”
must list the types of cookies used.
that it is preferable to inform them that disabling some cookies may make some functionality inaccessible or browsing
In your communications, you very likely send information or promotions by email using a specialist platform such as
The people you contact in this way must have consented and be clearly informed of the exact use you make of their
Consent (“opt-in”) is one of the fundamental aspects of the GDPR. You must obtain the consent of your subscribers
and contacts for each use of their personal data.
Some points to consider:
Example for Mailchimp: https://kb.mailchimp.com/fr/accounts/management/about-the-general-data-protection-regulation
Of course, although the emergence of this new regulation represents progress in personal data protection, it requires
consideration and specific action must be taken to ensure compliance.
Although this may seem pointless or abstract to you, do not ignore this regulation. The legislator intends to carry out
checks and potentially issue fines in case of abuse or lack of compliance.
Additional information can be found on the European Union's website: https://ec.europa.eu/info/law/law-topic/data-