GDPR & e-Privacy
Last updated
Last updated
You should only process necessary data and you should regularly delete unnecessary data.
This logic aims at sourcing only useful data.
This is a legal requirement that we must be able to present and justify to our clients.
The data import logic must include a bridge to the data register declaration.
The processing operations are subject to a declaration to the CNIL (if no CIL) or to an entry in the CIL register (if CIL). With the GDPR, the registration of a register of processing operations is mandatory. (Article 30 GDPR)).
The GDPR defines personal data as any information relating to an identified or identifiable natural person, directly or indirectly, in particular by reference to an online identifier or location data.
Types of data affected by the GDPR :
Directly identifying data (e.g. name, email, address, email, phone number, etc.)
Online identification data (e.g. cookie ID, advertising ID, Mac address, IP address)
Browsing or purchase histories, the cross-referencing of which may allow the identification of the individual by fingerprinting (e.g. OS, language, battery level, fonts and plugins, etc.).
However, companies collecting personal data can opt to "anonymise" it, so that the data no longer allows an individual to be identified.
According to the European data protection authorities, this data should no longer be able to be individualized, correlated or inferred.
Any person in an organization who may have access to personal data must be authenticated using a sufficiently robust method:
Provide traceability of users connected to your applications.
Provide for traceability of actions performed by a user:
Features used
Details of use
Date of connectionType of data processed, ...
