Important Note:

These explanations are provided by Visible in simplified form. They do not provide exhaustive details of the many facets of this new European legislation. It is up to each company or organisation concerned to study individually the actions required to comply with this legislation.
If necessary, don’t hesitate to contact your internal legal department or to get advice from a specialist law office.


What is the GDPR?

The General Data Protection Regulation (GDPR) is a privacy law enacted by the European Union (EU). It will affect
companies worldwide when it comes into force on 25 May 2018. This regulation defines the way in which an
organisation processes or uses the personal data of EU citizens, including organisations located outside the EU.

Personal data is data which, used alone or combined with other data, identifies a person.

If you collect, modify, transmit, use or store the personal data of EU citizens, you must comply with the GDPR.

The GDPR replaces an older directive on data confidentiality, directive 95/46/EC which was adopted before the
emergence of social networks, Big Data, Cloud computing and the Internet of Things.


Without getting into the often complex legal details, here are a few points we suggest you consider in order to comply with this new legislation.


Communicate transparently to your customers, staff and suppliers regarding the processing of their personal data. Provide information in a manner adapted to the target group. 


A company or organisation may process personal data if the person concerned has clearly consented to this. Each consent must:


It is necessary that each activity processing personal data has a determined, explicit and legitimate purpose. If this data is reused for a purpose other than the initial purpose, it must be guaranteed that the new use of the data is compatible with the first use, or the person must be proactively informed of the new purpose.

Data accuracy and quality

It is necessary to actively check the data in your possession to detect incorrect email addresses and verify compliance with other related information such as the first name and surname of the person, the postcode and the street name. If required, contact the person if you suspect that the data concerning them is incorrect and adapt it if necessary.

Minimal data processing

The legislator’s idea is to restrict the amount of information concerning each person to a strict minimum. As an example, avoid storing postal contact details if you only communicate with your contacts via email.
Sort the data processed and ask yourself if it is really necessary to keep all this data. You can probably achieve the same objective by using less data or by storing less sensitive data. 

Conservation period 

Establish an inventory of the conservation period of all personal data you process and always provide reasons why you still need this data. You should also use a conservation policy with differentiated access.

Security and legality of data processing 

From the moment you collect personal data, you should implement technical and organisational measures to guarantee the safety of this data.

Technical measures are taken in the company’s IT system allowing, for example, restricted access to the internal data or protection of the latter through encryption.
Organisational measures consist of measures specific to internal data management.

Register of processing activities

Companies and organisations processing personal data are required to keep a register of processing activities. This obligation applies to large companies (those employing 250 people or more) and to smaller companies that regularly process personal data within the context of their business.

The register must mention:




In your communications, you use, record, store and manage personal data concerning your customers, prospects,
suppliers, partners, etc.

Therefore, we recommend you take the directives relating to the new General Data Protection Regulation (GDPR)
into account when processing this data.

We suggest you consider the following recommendations depending on the digital communication tools your
company or organisation has.


Privacy Charter/Confidentiality Policy

It is necessary to add or amend the “privacy” page on your website.
This must answer the following questions:

  1. Why this privacy charter?
  2. Who in your company or organisation processes personal data?
  3. What personal data is collected?
  4. What are the purposes?
  5. Use of cookies
  6. What are the rights of people whose personal data you collect?
    • 6.1. Guarantee of fair and lawful processing
    • 6.2. Right of access
    • 6.3. Right of rectification
    • 6.4. Right of deletion (or “right to be forgotten”)
    • 6.5. Right to limit processing
    • 6.6. Right of opposition
    • 6.7. Right to data portability
    • 6.8. Right to withdraw your consent
  7. How can the person exercise their rights?
  8. How does one make a complaint?


To facilitate visitors' navigation on your website and optimise its technical management, the use of “cookies” has
become widespread over the last 15 years.

A “cookie” is a small piece of information saved by a website within your computer’s Internet browser. This “cookie”
can be recovered on a subsequent visit to this same site. The “cookie” cannot be read by a website other than the
website that created it. The site uses “cookies” for specific purposes, for example, to record your preferences for
certain types of information, which avoids you having to enter the same information using the keyboard each time you
visit our website.

Most “cookies” only work for one session or one visit. None of them contain information from which you will be
contacted by phone, email or post. It is also possible for you to configure your browser to inform you each time a
“cookie” is created or to prevent them being saved.

Cookie guidelines

In the context of GDPR, it is a good idea to instruct users to read your policy on the use of cookies and to provide
information on managing cookie preferences.

You must inform your website's users/visitors of the nature of the cookies stored and give them the option of
accepting or refusing them, either for the entire site and all the services, or on a service-by-service basis.

Pop-up cookies

It is also preferable to use a “pop-up” window giving a first view then redirecting to the cookie guidelines. This “pop-up”
must list the type of cookies used.

Management of cookie preferences

Ideally, your site should include a page allowing visitors to define their level of acceptance of the use of cookies.
It is preferable to inform them that disabling some cookies may make some functionality inaccessible or browsing
more difficult.

Emailing campaigns

In your communications, you very likely send information or promotions by email using a specialist platform such as

The people you contact in this way must have consented and be clearly informed of the exact use you make of their

Consent (“opt-in”) is one of the fundamental aspects of the GDPR. You must obtain the consent of your subscribers
and contacts for each use of their personal data.

Some points to consider:

Example for Mailchimp:



Of course, although the emergence of this new regulation represents progress in personal data protection, it requires
consideration and specific action must be taken to ensure compliance. 

Although this may seem pointless or abstract to you, do not ignore this regulation. The legislator intends to carry out
checks and potentially issue fines in case of abuse or lack of compliance. 

Additional information can be found on the European Union's website:

