Complying with the GDPR is essential for any company. A clear breach of its obligations under the regulation can lead to financial penalties of up to 4% of annual worldwide turnover (or €20 million, whichever is higher).
The CNIL, the French data protection authority, is the supervisory authority for the GDPR in France. As such, it is able to:
- Issue a formal warning
- Order companies to implement corrective measures
- Temporarily or permanently restrict a data processing operation
- Suspend a data flow
- Order a company to comply with requests from individuals exercising their rights (for example the right to object to the collection of personal data, or the right of access to the data collected)
- Impose an administrative fine
To avoid this kind of misadventure, companies have every interest in complying with the GDPR. To do so, they must meet the following requirements:
- General obligation of security and confidentiality (secure the data, limit processing to what is necessary, and set a data retention period)
- Obligation to inform individuals about:
  - The type of data collected and the purpose of the collection
  - The identity of the organisations processing the data
  - Their rights of access, rectification, enquiry and objection
- Data protection impact assessment where processing presents a high risk to the rights and freedoms of individuals (sensitive data, profiling, data transfers outside the EU)
- Data Protection Officer (appointment of a DPO is mandatory in certain cases)
As you can see, the regulatory framework is complex. To respect privacy, to ensure that data is kept for no longer than a reasonable period, and to guarantee customers the possibility of objecting to the processing of their data, the best course is to appoint a data protection officer.
You may also decide to acquire software tools that help you protect the legitimate interests of consumers and the privacy of their personal data.