The main purpose of a Privacy Notice is to inform users of a website or digital platform about the personal data collected. Indeed, informing users is one of the pillars of the GDPR.
This GDPR charter can also be called a “privacy policy” or “Privacy”. The important thing is that it should be easy for the user to find and understand, otherwise it won’t be able to fulfill its role.
Within a GDPR charter, a user must be able to find the personal data that is collected, how it is used, the recipients, the retention periods, its retention outside the EU and the various rights of users regarding their collected personal data…
For a better understanding of the implementation of each section, Dipeeo’s GDPR charter is available on the left for download.
On this subject, as part of its support for professionals in GDPR compliance, the CNIL has put in place basic precautions to make users aware of what’s at stake in terms of security and privacy.
– Defining the scope of processing: determining the purpose of your processing is the first thing you need to think about. In other words, you need to specify the reason why you are collecting personal data.
– Definition of the legal basis (consent, legal obligation…): Article 13 specifies this point, requiring the identification of one of six different bases:
– Indication of data recipients: the next step is to indicate the recipients of the personal data. This point is covered in article 13.1.e, which makes it compulsory to indicate:
“the recipients or categories of recipients of personal data, if any”.
– Determining the data retention period: This is one of the rules imposed by the GDPR. You must tell data subjects how long you keep their personal data. You’ll find this rule in article 13.2.a.
– Finalizing the rest of the mandatory mentions: After defining the scope of your processing and the legal basis, determining the retention period, and indicating the recipients of the data while mentioning whether its provision is mandatory or not, all that remains is to cover the remaining requirements of Article 13 of the GDPR, namely:
“the identity and the contact details of the controller and, where applicable, of the controller’s representative” (art. 13.1.a);
Any organization, company of any size, association […] in possession of personal data, whether from customers, employees or even visitors to their websites, is obliged to draw up a GDPR charter. As the name suggests, personal data is information that can be used to identify a person. In other words, a surname, first name, telephone number or address can be considered personal data.
In this respect, the law punishes any failure to provide information describing the processing of personal data collected. It is also compulsory to update this information after each modification to the various processing procedures.
Transparency, comprehensibility and accessibility are all requirements imposed by law when it comes to information provided to data subjects.
Generally speaking, the types of sanctions for failure to comply with the GDPR Charter are administrative sanctions and criminal sanctions.
Article 83 of the GDPR sets out a list of conditions. Once these conditions have been verified, a supervisory authority may apply administrative sanctions to the group (be it a company or an association…) that has not complied with the GDPR provisions.
Article 84, for its part, provides for additional sanctions in the event of non-compliance with the GDPR. These provisions are present in the French Penal Code. By way of example, we can cite here Article 226-16 of the Penal Code, which stipulates: “the fact, including through negligence, of carrying out or having carried out processing of personal data without compliance with the formalities prior to their implementation provided for by law is punishable by five years’ imprisonment and a fine of 300,000 euros”.