2018.05.25: Hello GDPR (European law for data protection)

Written by Joseph MICACCIA
GDPR Europe

The General Data Protection Regulation (GDPR) comes into effect across Europe this Friday, a few weeks after the outbreak of the Cambridge Analytica scandal, named after the company accused of fraudulently harvesting the data of 87 million Facebook users.

This European regulation enacts new and very strict rules on personal data, intended to make companies transparent about how they use it.


The General Data Protection Regulation (GDPR) is a regulation with which the European Commission intends to strengthen and harmonize the protection of the personal data of citizens and residents of the European Union (EU), inside and even outside the EU's borders. The Commission's main objectives with the GDPR are to give citizens back control over their personal data and to simplify the regulatory environment for international business by unifying and standardizing privacy legislation across the EU. Since its entry into force, the GDPR has replaced the Data Protection Directive (Directive 95/46/EC).

As a result, over the last few days, all online services have invited their users to accept their new terms of use and to review the personal data each company holds about them.


"Ne me quitte pas" ("Don't leave me")... (Jacques Brel)

 

Designed to give users more power over the management of their personal data online, the GDPR includes very concrete measures that will, for example, make it easier to switch services. The regulation obliges all companies and administrations that process personal data to better inform their users about how that data is used. With the GDPR, online services are obliged to let users retrieve their personal data in a standard format so that it can be transferred to another platform.


One of the consequences is that minors no longer have access to Facebook, Twitter, Instagram, Snapchat and, more broadly, to all the social networks, which since this morning ask parents for their consent to the collection and processing of their children's personal data.


As a result, the GDPR poses a problem for many companies, which are forced to comply before 25 May under penalty of a large fine (up to 4% of their global turnover) and which must inform their users precisely about how they use their data.


In France, the CNIL has published on its website a personal data security guide, as well as a GDPR checklist to help SMEs comply with the GDPR:

 

GDPR checklist (CNIL)

1. Educate users
   • Inform and raise the awareness of the people handling the data
   • Write an IT charter and give it binding force
2. Authenticate users
   • Set a unique login for each user
   • Adopt a user password policy that conforms to the CNIL's recommendations
   • Require users to change their password after a reset
   • Limit the number of attempts to access an account
3. Manage authorizations
   • Define authorization profiles
   • Remove obsolete access permissions
   • Conduct an annual review of authorizations
4. Trace access and manage incidents
   • Plan a logging system
   • Inform users that the logging system is in place
   • Protect logging equipment and the logged information
   • Plan procedures for notifying personal data breaches
5. Secure workstations
   • Plan an automatic session lock procedure
   • Use regularly updated antivirus software
   • Install a software firewall
   • Obtain the user's agreement before any intervention on their workstation
6. Secure mobile computing
   • Plan for encryption of mobile devices
   • Make regular backups or synchronizations of data
   • Require a secret for unlocking smartphones
7. Protect the internal computer network
   • Limit network flows to the bare essentials
   • Secure remote access by mobile computing devices through a VPN
   • Implement WPA2 or WPA2-PSK on Wi-Fi networks
8. Secure the servers
   • Limit access to administrative tools and interfaces to authorized people only
   • Install critical updates immediately
   • Ensure data availability
9. Secure websites
   • Use the TLS protocol and check its implementation
   • Verify that no password or username is passed in URLs
   • Check that user input matches what is expected
   • Display a consent banner for cookies that are not necessary to the service
10. Back up and plan for business continuity
   • Perform regular backups
   • Store backup media in a safe place
   • Plan security measures for transporting backups
   • Plan and test business continuity regularly
11. Archive securely
   • Implement specific access procedures for archived data
   • Destroy obsolete archives in a secure way
12. Supervise the maintenance and destruction of data
   • Record maintenance interventions in a logbook
   • Have interventions by third parties supervised by a member of the organization
   • Erase data from any equipment before disposal
13. Manage outsourcing
   • Include a specific clause in contracts with subcontractors
   • Anticipate the conditions for the return and destruction of data
   • Ensure the effectiveness of the guarantees provided (security audits, visits, etc.)
14. Secure exchanges with other organizations
   • Encrypt data before sending it
   • Make sure the data goes to the right recipient
   • Transmit the secret separately, via a different channel
15. Protect the premises
   • Restrict access to the premises with locked doors
   • Install burglar alarms and check them periodically
16. Supervise IT developments
   • Offer privacy-friendly settings to end users
   • Avoid free-text comment fields, or regulate them strictly
   • Test on fictitious or anonymized data
17. Use cryptographic functions
   • Use recognized algorithms, software and libraries
   • Keep secrets and cryptographic keys secure
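Two of the checklist's measures can be verified from web access logs: limiting login attempts (item 2) and making sure no username or password travels in a URL (item 9). The script below is an added example, not part of the article or of the CNIL guide; it runs over constructed sample log lines in a simplified "ip method target status" format, and the five-attempt threshold, the /login path and the list of credential-like parameter names are assumptions.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (not real traffic): source IP, method, target, status.
SAMPLE_LOG = """\
203.0.113.7 POST /login 401
203.0.113.7 POST /login 401
203.0.113.7 POST /login 401
203.0.113.7 POST /login 401
203.0.113.7 POST /login 401
203.0.113.7 POST /login 401
198.51.100.2 GET /login?user=alice&password=hunter2 200
198.51.100.2 GET /search?q=gdpr 200
192.0.2.9 POST /login 200
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3})$")
# Assumed parameter names that should never appear in a URL (checklist item 9).
SENSITIVE_PARAMS = {"password", "passwd", "pwd", "user", "username", "login", "token"}


def parse_line(line):
    """Return (ip, method, target, status) or None for a line that does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ip, method, target, status = m.groups()
    return ip, method, target, int(status)


def credentials_in_urls(lines):
    """Item 9: (line number, ip, parameter names) for requests whose query string carries credentials."""
    hits = []
    for n, line in enumerate(lines, 1):
        parsed = parse_line(line)
        if not parsed:
            continue
        query = parse_qs(urlsplit(parsed[2]).query, keep_blank_values=True)
        found = sorted(SENSITIVE_PARAMS & set(query))
        if found:
            hits.append((n, parsed[0], found))
    return hits


def brute_force_sources(lines, max_attempts=5, login_path="/login"):
    """Item 2: source IPs whose failed (401) POSTs to the login path exceed max_attempts."""
    failures = Counter()
    for line in lines:
        p = parse_line(line)
        if p and p[1] == "POST" and urlsplit(p[2]).path == login_path and p[3] == 401:
            failures[p[0]] += 1
    return {ip: count for ip, count in failures.items() if count > max_attempts}
```

Run over a real log, the first function points at forms that must be switched from GET to POST, and the second at sources that an account-lockout or rate-limiting rule should already have stopped.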

 

Thus, by harmonizing legislation, Europe protects individuals within its borders, and even beyond them.
