In force since 25th May 2018 throughout Europe, the General Data Protection Regulation (GDPR) is the reference text on the protection of personal data. It reinforces the pre-existing text on the principles established by the 1968 Data Protection Act.
This new European regulation responds, among other things, to the technological developments taking place in our society, such as the development of online commerce, but also the advent of social networks and other applications that collect a lot of personal data. It is in this sense that the GDPR is a continuation of the French Data Protection Act of 1978, while allowing citizens to better control the use of their personal data.
As a reminder, personal data is “any information relating to an identified or identifiable natural person”. A person can therefore be identified directly (e.g. surname, first name), or indirectly (e.g. by an identifier (customer number), a (telephone) number, biometric data, several specific elements of his or her physical, physiological, genetic, mental, economic, cultural or social identity, but also by voice or image).
By setting clear rules on data processing, the GDPR allows public and private organizations to thrive by gaining the trust of users, which is of paramount importance at this time.