Connexion
Nos clients
Demonstration
To process your request, we need to process your personal data. Find out more about the processing of your personal data here.

Contents

  1. GDPR best practices: processing banking data of a "B2C" client or company
  2. GDPR best practices: CV Data retention
  3. GDPR best practices for collecting clients ethnic data
  4. A license plate is personal data
  5. Data retention of files on computers for several years: What are the best GDPR practices to adopt?
  6. Receiving a suspicious email: GDPR best practices to adopt
  7. Secure your data by adopting GDPR best practices
  8. What GDPR best practices to adopt when sending an email to the wrong Data recipient
  9. Would you like to know how long you can Data retention your clients ' and prospects' data?
  10. We handle GDPR for you!
    1. Compliance audit in 48 hours
    2. Dedicated external DPO, appointed by the CNIL (National Commission for Information Technology and Civil Liberties))
    3. Fixed cost, 100% under control
  11. Full CNIL (National Commission for Information Technology and Civil Liberties) compliance guaranteed, for the duration...

GDPR best practices: processing banking data of a "B2C" client or company

If you think that banking data is sensitive data that requires further action, you're wrong. In fact, bank data is not considered "sensitive data" at all. The same applies if you have to process bank data for a company or association.

The GDPR only applies to personal data, i.e., the data of individuals. A company is a legal entity. Consequently, its banking data is not personal data.

Moreover, sensitive data corresponds to only a few very specific categories of data. Examples include sexual orientation, health data, trade union membership, religious or philosophical beliefs and convictions, and so on.

GDPR best practices: CV Data retention

Data can only be kept for a limited period. This period evolves and changes according to the categories of data processed. 

For example, CVs can only be kept for a maximum of 2 years from the date of application. 

At the end of this period, delete the CVs hosted on your computer/email box. 

GDPR best practices

GDPR best practices for collecting clients ethnic data

On this point, you have no right to compile such a list of ethnic data, even though, as part of your mission, it would be interesting to collect this kind of data, whether from your client or your employees. This is strictly forbidden. 

In France, the Data Protection Act of January 6, 1978 prohibits the collection or processing of personal data that reveals, directly or indirectly, the racial or ethnic origins of individuals. 

Failure to comply with this prohibition is punishable by 5 years' imprisonment and a fine of 300,000 euros, according to article 226-19 of the French Penal Code.

Turn the GDPR
into a business asset Request a demo

A license plate is personal data

Personal data enables an individual to be identified directly or indirectly.

A license plate provides information that indirectly identifies an individual. As such, it is personal data.

Data retention of files on computers for several years: What are the best GDPR practices to adopt?

This is the case for CV Data retention , while other personal data cannot be kept indefinitely. 

Each file containing data such as an invoice, a contract or a CV [...] can therefore only be kept for a limited period, which varies, of course, according to the nature of the data.

GDPR best practices

Receiving a suspicious email: GDPR best practices to adopt

Clicking on fraudulent emails from malicious people is one of the main causes of hacking and ransomware. 

If you receive an incoherent source or text, an outlandish request or any other e-mail that seems out of the ordinary, you must inform the appropriate persone.g CIO) to determine the nature and dangerousness of the e-mail. 

Secure your data by adopting GDPR best practices

Do you use your personal laptop for work?

If you are authorized to use your personal computer for work purposes, you must comply with all the security rules required by your employere.g antivirus, complex password, etc.). If you have any doubts about the security measures to be respected, you can ask the competent persone.g IT department). 

Have you shared your login details with a malicious person?

If you think you've shared your login details, you must change them immediately and inform the appropriate person in your organization. 

A USB key or external hard drive is the best way to secure and protect your data?

Nomadic" media such as USB sticks or external hard drives should be avoided as much as possible, as they are one of the main sources of data breaches in Francee.g : USB stick forgotten in a bar, theft, etc.). 

Your computer has been hacked 

Please note that if you are a victim of hackinge.g : encrypted screen, frequent bugs, etc.), notification to the CNIL (National Commission for Information Technology and Civil Liberties) will only be made in specific cases, determined by your employer with the assistance of its DPO. 

"My password is " 123nousironsaubois " "

A complex password consists of at least 8 alphanumeric characterse.g letters, numbers, special characters). However, we strongly recommend that you do not enter your birthday, surname, first name or a sequence of numbers such as 1,2,3,4. 

Do you use the same password for personal and business purposes?

Using the same business and personal password is not forbidden per se, but it is strongly discouraged in order to minimize the risk of a data breach. 

Please note that the risk involved is as dangerous for you personally as it is for your employer.

"My password is changed every 2 years".

As well as being complex, passwords should, at best, be renewed on a quarterly basis. Failure to do so increases the risk of hacking.

GDPR best practices

What GDPR best practices to adopt when sending an email to the wrong Data recipient

The nature of the Data recipient and the volume/nature of the data communicated also play a role:

 If I know the Data recipient well, or if the data is neither specifice.g bank details, income, social security) nor sensitivee.g sexual orientation, health, etc.), I ask him/her to delete the email and to send me an email confirming the deletion.

 If I don't know the Data recipient or if the data is either specifice.g banking data, income, social security) or sensitivee.g sexual orientation, health, etc.), I immediately inform my manager and my DPO. 

Dipeeo
Dipeeo
Articles: 82

Useful links

Resources

Other

2025 Dipeeo, all rights reserved

Designed by Escale Communication