The European Data Protection Committee (EDPS) has just published a GDPR guide, available in 18 languages, including French and English, specially designed to help VSEs/SMEs understand and comply with the principles of the GDPR. The guide aims to support small businesses in complying with this regulation, which is essential for building and strengthening trust with their customers, users and partners.
Encouraging compliance with the GDPR
Any company that processes data (payroll management, recruitment, customer files, suppliers...) must comply with the GDPR, regardless of its size or sector of activity, as long as it is established within the territory of the European Union. Remember that personal data is information relating to an identified or identifiable natural person. Anonymized data and data relating to a legal entity cannot be considered as such.
To comply with the General Data Protection Regulation, companies must carry out processing that is lawful and transparent, has a purpose, is proportional and relevant, and is temporary and secure. The data controller is the company's legal representative. This person often has recourse to a subcontractor in charge of data processing.
Complying with the GDPR can seem like a tedious task for VSEs/SMEs. To help them, the European Data Protection Committee (EDPS) has published a guide to data protection. By following robust procedures, these companies, whether or not they have a small business pro account, are more likely to strengthen the trust of their partners, users or customers, limit cybersecurity risks, and limit the risk of fines or formal notice in the event of a complaint. Poor management of personal data can also damage the public reputation of organizations.
Practical explanations and examples
The guide, available exclusively in web format, covers 4 main themes:
- understanding the basics of the GDPR
- respect for people's rights
- compliance
- securing personal data.
Through videos, infographics and concrete examples, it presents tips for complying with the text, which is not always respected, even though it has been applicable since 2018.
Now available in several languages, including French and English, the guide published by the European Data Protection Committee is accompanied by frequently asked questions (FAQ) and a catalog of resources made available by each data protection authority, including the CNIL.
To find out where they stand when it comes to respecting personal data, VSEs/SMEs can complete the checklist proposed by the CNIL, entitled "Respecting privacy, where do I start?" Identification of the files held by the company, respect for the information and rights of individuals, and data security are among the obligations incumbent on VSEs/SMEs.