In order to better understand the General Data Protection Regulation, or GDPR, one must consider the history of legislation protecting citizens’ computer data.
In France, everything starts in 1973, when the SAFARI project (Automated System for Administrative Files and Individual Directory) is adopted by the government. This register makes it possible to identify and cross-check data using one’s social security identifier, in a centralised database. This project is considered scandalous at the time and abandoned one year later.
The concept of personal data management and protection is born during this period. The legal pillars of the original GDPR framework are:
- On January 6, 1978, the Data Protection Act came into force, advocating an IT service for citizens without harming their privacy or their individual liberties. In parallel, the CNIL is created (French governmental agency that protects personal data, supports innovation, and preserves individual liberties), responsible for addressing data processing projects led by public authorities. This law was reformed in 2004 and the term “personal data” was coined.
- In 2016, the Law for a Digital Republic annexes the Data Protection Act, strengthening the protection of personal data. As for GDPR, it is adopted in 2016 by the European Union, in parallel with the police-justice directive.
Implemented by decree on May 25, 2018, GDPR strengthens existing personal data legislation in EU countries and targets:
- Companies, administrations and communities of all sectors in the European Union.
- Companies, administrations and communities of all sectors whose activities target people in the European Union territories.
The GDPR renders companies responsible: they are now forced to take steps and implement policies and procedures that ensure their use, processing and securing of personal data meet regulatory standards.
The primary GDPR obligations regarding data subjects’ personal data rights are as follows:
- Relevance: Collect only the necessary data
- Transparency: Communicated information must be clear, which is the basis of a relationship of trust
- Respect of rights: Respond as quickly as possible to various requests from people for their data (access, consultation, rectification, deletion)
- Mastery: Supervision of personal data to ensure their security
One year after GDPR went into effect, the balance sheet is heavy: the CNIL, the GDPR regulatory commission in France, has recorded an increase in complaints and consultations on its website concerning personal data. Sanctions have been dealt out, as was the case for Google, fined €50m in January 2019.
Start-ups and small and mid-sized companies are also subject to penalties, and the CNIL has also announced that it is going to strengthen its policy regarding non-compliant behavior.
Disclaimer: All data and information provided in this blog post are for informational purposes only. Mediartis makes no representation as to the accuracy, completeness, timeliness or validity of the information contained in this document. We recommend that you consult a lawyer for any legal advice regarding the respect of data protection.