European Data Privacy Day – GDRP

Saturday, January 28th, 2023, will be Data Privacy Day. Created in 2006 by the European Council, it aims to make users aware of the importance of protecting their personal data. For companies, it’s an opportunity to ensure that they are compliant with the law.

What is personal data ?

Personal data is all the information that identifies a person. A person can be identified in several ways:

• Directly (name, first name)
• Indirectly (examples: customer number, phone number, photo,…)
• From a single data (examples: social security number, DNA)
• From the crossing of several data (example: date of birth + address)

Article 4 of the GDPR defines personal data as follows:

“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”

Personal data vs. sensitive data

Often confused, sensitive data is a particular category of personal data. Sensitive data is particularly at risk and benefits from a reinforced legal protection regime. The GDPR prohibits the processing of sensitive data.

Article 9 of the GDPR defines sensitive data as revealing:

• Racial or ethnic origin,
• Political opinions,
• Religious or philosophical beliefs,
• Trade union membership,
• The processing of genetic data, biometric data for the purpose of uniquely identifying a natural person,
• Data concerning health,
• Data concerning a natural person’s sex life or sexual orientation.

What is the GDPR ?

The General Data Protection Regulation frames personal data processing on the European Union’s territory. Entered into force on May 25th, 2018, it harmonizes European rules. Its objective is twofold:

• To protect and facilitate the rights of users
• To make organizations that process personal data accountable.

Who is concerned about the GDPR ?

Any organization can be concerned, whatever its size, country of establishment, and activity. Indeed, the RGPD applies to any organization, public or private:

• Established on the territory of the European Union,
• Or that its activity directly targets European residents.

Non-European companies have the same obligations as long as they offer products or services to European residents.

Regulatory bodies

In France, the CNIL is the administrative authority enforcing the GDPR. Its European counterpart is the European Data Protection Committee (EDPS).

Roles of the CNIL

• Inform individuals and professionals, and protect individual liberties,
• To assist organizations in their compliance with the GDPR,
• Anticipate the ethical challenges of data and innovate: the CNIL, alongside companies, participates in research in the field of privacy and personal data,
• Controlling organizations.

Best pratices to comply with the GDRP

If personal data is not the core of your business, being compliant with the RGPD is quite simple. To do so, follow these best practices.
– Source CNIL –