Find out if the GDPR applies to you and what your obligations are when it comes to protecting personal data.
The General Data Protection Regulation (GDPR) is crucial European legislation that governs how companies handle and protect individuals' personal data. But are you wondering if the GDPR is relevant to you? In this article, we'll explore what the GDPR is and who it affects.
Do I process personal data?
Before you go any further in understanding the GDPR, ask yourself this fundamental question: am I processing personal data? If your company collects, stores or processes data such as:
Personal identification data:
First and last name
Phone number
Email address
Postal address
Identification numbers such as social security number, passport number, or driver's license number
Financial and transactional data:
Banking information (such as account numbers)
Purchase and transaction history
Credit/debit card details
Employment data:
CVs
Cover letters
Performance evaluations
Wages and tax data
Location data:
GPS data
IP addresses
Other data indicating a person's physical location
Health data:
Medical records
Health history
Genetic or biometric information
Children's data:
Any personal information concerning individuals under the age of 16 (or the age specified by the legislation of a Member State)
Data from online monitoring:
Cookies and trackers
Navigation history
Data from social networks
Opinions and beliefs:
Political views
Religious or philosophical convictions
Union membership
Electronic identification data:
Online login
Pseudonyms
User profiles
Images and recordings:
Personal photos
Videos
Voice recordings
Then the GDPR is for you.
Who is affected by the GDPR?
The GDPR applies to any company or organization, regardless of size, that processes the personal data of European Union residents. This includes:
Businesses and organizations: All businesses and organizations, regardless of their size or nature, are affected by the GDPR if they process the personal data of European citizens. This includes, in particular, companies with 60 or more employees.
Controllers and processors: Controllers are the entities that determine the purposes and means of personal data processing. Processors, on the other hand, process data on behalf of the controller. Both are subject to GDPR obligations, although their responsibilities differ.
Public authorities and agencies: Public authorities, including government agencies, are also required to comply with the GDPR in their data processing activities.
What are the GDPR compliance obligations?
Under the GDPR, companies must comply with several obligations, including:
Obtaining consent: Companies must obtain the explicit consent of individuals before collecting, processing or storing their personal data.
Transparency: Companies must provide clear and transparent information on how they collect, use and protect personal data.
Data security: Companies must implement appropriate security measures to protect personal data against loss, theft, unauthorized access and any other form of unlawful processing.
Respect for individuals' rights: Companies must ensure that individuals can exercise their rights, such as the right of access, the right of rectification, the right to erasure, the right to data portability and the right to object.
✅ In conclusion, the GDPR is an important regulation that affects any company processing the personal data of European Union residents. By complying with GDPR obligations, businesses can boost client trust, avoid fines and penalties, and help create a safer, more privacy-friendly digital environment for all. Make sure you inform yourself about the GDPR requirements and put in place the necessary measures to ensure your company's compliance.