To begin with, here are 10 questions or common ideas you may have, for which I provide clear answers:
- GDPR, what is that?
It is a European law, adopted in 2018, which ensures that the personal data of European Customers are put to good use.
- Personal data, what is that?
Personal data are all the data that can help identify a human being.
- Why make a regulation?
Up to now, Developers could do whatever they wanted and collect as much data as they wanted about Web Customers. But, several times, personal data were used and sold, and became a very fruitful business, at the expense of Customers and without any consent. If those Developers had taken Security seriously, that would not have been a problem. The new rules in Europe are a reminder that personal data are the property of Customers and are not supposed to be sold without their agreement.
- Cookies, what is that?
- I just need to collect the agreement of Customers, then?
It is not that easy. You have to collect agreement, and you have to give the Customer a way to disagree at any time. There are a few rules for using data the correct way.
- GDPR, but that's only for the GAFAs?
No, GDPR in Europe applies to all Trade Companies, and you can see the fines that were given on the CNIL's webpages. Some French Start-ups were seriously disrupted and had to stop for several months before they could restart their business: they were the first ones to be sanctioned.
- CNIL, what is that?
CNIL is the French Organisation which helps enforce GDPR in France. Until now, it was just a Collecting Administration to which you had to provide information about your databases and so on. But now, it is the official body that issues sanctions for breaches of Personal Data Security and enforces Companies' compliance with GDPR. For instance, one of the biggest fines amounts to 50 million euros.
- It is not a concern for me, see, I have no website!
Any Company collecting data and organising them in databases is concerned.
- GDPR? Give me a break, it is not that urgent!
For the last two years, CNIL has given a lot of information to Companies so that they can become compliant with GDPR. 2020 is the age of maturity for this law, and all Companies, Associations and Governments are concerned.
- DPO, what is that?
The Data Protection Officer is the one who looks after and monitors compliance with GDPR within a Company or a big organisation. He/she may be independent (as I am, for instance). There are no certifications or diplomas for this job; it is a new job.