GDPR user’s guide

The internet has dramatically changed the way we communicate and how we handle everyday tasks. Nowadays, data is at the heart of everything we do. We answer surveys, we consent to the use of cookies, we share our location on sites… Have you ever wondered how your data is processed?

What is personal data?

The notion of “personal data” is to be understood in a very broad way. Personal data is “any information relating to an identified or identifiable person”.
A person can be identified :

    • Directly (e.g. name, first name, residence…)
    • Indirectly (e.g. customer number, telephone number, but also his voice or image…)

What is sensitive data?

Some personal data is considered ‘sensitive’ and is subject to specific processing conditions.
The following information is classified as sensitive personal data:

    • Details of racial or ethnic origin
    • Political, religious or philosophical beliefs
    • Trade union affiliation
    • The processing of genetic data and/or biometric data for the purpose of uniquely identifying a natural person
    • Health details
    • Information about a person’s sex life or sexual orientation.

Why does companies collect my data?

There are different purposes for which companies and organizations collect your personal data :

    • To provide good service: companies need some of your personal information to provide you the service you asked for. For example, when you place an order on the Internet, you give certain details such as your name, address, card number in order to receive the product.
    • To give you personalised experience: obtaining certain information about you, such as some of your tastes, some of your shopping habits, or some of your geolocation data, can allow a company to improve its generic offerings to provide you with a range of tailored offers. It may also allow them to adapt their communication to my profile, to show me products that meet my needs and that I am more likely to buy.
    • Improve their service: collecting different types of data concerning the characteristics of its customers, their use of its services, their purchase history, possibly their opinions, and then classifying and analyzing them can enable a company to progress in many areas.

However, in an economy based on digital development, data is the new raw material. This is why there have been many abuses concerning the collection and use of personal data. That is why GDPR was introduced in 2018 to protect users concerning their privacy.

What is GDPR?

The General Data Protection Regulation (GDPR) is a European regulation that frames personal data processing in the whole European Union. It came into effect on May 25, 2018 to harmonizes the rules in Europe by providing a single legal framework for professionals.

What are my rights?

Your data is collected and used by companies, but you have options to protect your personal data, and to decide how you want it to be used.

    • The right to access – You can request access and informations about how your data is processed. The company must provide a copy of the personal data, free of charge and in electronic format if requested.
    • The right to erasure – You are able to withdraw your consent, so the company must delete all the personal data they have about you.
    • The right to data portability – You have the right to transfer your data to one platform to another (social network, etc.) for free
    • The right to be informed – This covers any gathering of data by companies, and individuals must be informed before data is gathered. Consumers have to opt in for their data to be gathered, and consent must be freely given rather than implied.
    • The right to rectification – You can ask for incorrect, inaccurate or incomplete personal data to be corrected.
    • The right to restrict processing – Individuals can request that their data is not used for processing. Their record can remain in place, but not be used.
    • The right to notification – If there has been a data breach which compromises an individual’s personal data, the individual has a right to be informed within 72 hours of first having become aware of the breach.
    • The right to object – this includes the right of individuals to stop the processing of their data for direct marketing. There are no exemptions to this rule, and any processing must stop as soon as the request is received. In addition, this right must be made clear to individuals at the very start of any communication.

How sould my consent be requested?

Consent must be freely given, specific, informed and unambiguous. A consent request needs to be presented in a clear and concise way and has to specify what use will be made of your personal data like who is collecting your data, the type and purposes for which the data is being collected, how to contact them to withdraw your personal data…