GDPR & Data Processing
Posted: Sat Jan 04, 2025 7:07 am
It is important to emphasize here that, although we have verified each of our sources and are confident in our interpretation, this article does not constitute legal advice.
The General Data Protection Regulation (GDPR) calls on companies to be more transparent about how their customers’ data is used. This new regulation will give consumers greater control over how their data is used.
This will start with a simple and effective privacy policy. You will need to ensure that the database you have (customers or prospects) is clear and legal.
Another aspect of GDPR: your responsibility as a data controller and data protection officer.
As a reminder :
The data controller validates the PIA (privacy impact assessment tool) and undertakes to implement the defined action plan. (source CNIL)
Any company that collects information about individuals is, in essence, a data processor.
The data protection officer draws up the action plan and is responsible for verifying its execution (source CNIL) .
Processing covers both the storage and use of personal data.
It is possible that your company acts as both a data controller and a data protection officer.
Let's take the example of a retailer who collects information from his customers at his point of sale:
If the latter has customer support that can assist its customers after the panama whatsapp list purchase, the latter will be considered responsible for the data processing. Indeed, it will have a specific reason for collecting this information.
Note that the system that stores the data – your CRM/billing system – should also be considered as being responsible for data protection.
Another example of a company that is both responsible for data processing and delegated to protect it: Esendex.
Indeed, as a provider of business communication tools, we can sometimes serve as a data controller for a company, but also make decisions about how we collect and use our customer data. This decision-making involves their protection.
The General Data Protection Regulation (GDPR) calls on companies to be more transparent about how their customers’ data is used. This new regulation will give consumers greater control over how their data is used.
This will start with a simple and effective privacy policy. You will need to ensure that the database you have (customers or prospects) is clear and legal.
Another aspect of GDPR: your responsibility as a data controller and data protection officer.
As a reminder :
The data controller validates the PIA (privacy impact assessment tool) and undertakes to implement the defined action plan. (source CNIL)
Any company that collects information about individuals is, in essence, a data processor.
The data protection officer draws up the action plan and is responsible for verifying its execution (source CNIL) .
Processing covers both the storage and use of personal data.
It is possible that your company acts as both a data controller and a data protection officer.
Let's take the example of a retailer who collects information from his customers at his point of sale:
If the latter has customer support that can assist its customers after the panama whatsapp list purchase, the latter will be considered responsible for the data processing. Indeed, it will have a specific reason for collecting this information.
Note that the system that stores the data – your CRM/billing system – should also be considered as being responsible for data protection.
Another example of a company that is both responsible for data processing and delegated to protect it: Esendex.
Indeed, as a provider of business communication tools, we can sometimes serve as a data controller for a company, but also make decisions about how we collect and use our customer data. This decision-making involves their protection.