-
Lawfulness of processing
In order to be lawful, the processing operations must be based on one of the following conditions: The data subject has consented to the processing of his/her personal data for one or more specific purposes. The processing is necessary
-
Processing of sensitive data
Where your processing operations involve "sensitive data", special conditions may apply (examples: a data protection impact assessment, additional information to be provided to the data subject, the consent of the data subject, contractual clauses, etc.). Special categories
-
Your obligations
Since 25 May 2018, the General Data Protection Regulation imposes stricter accountability obligations on private and public actors. You will be required to constantly ensure that the rules set out in the Regulation are followed and must be able to
-
Main principles
Before data may be processed by the controller, a number of conditions of lawfulness must be met to ensure an adequate protection of privacy. When you process personal data, you must comply with the following principles: Principles of lawfulness, fairness
-
Records of processing activities
As a controller, you shall maintain a record of processing activities under your responsibility. Similarly, your processors shall maintain a record of all categories of processing activities carried out on your behalf. However, this obligation shall not apply
-
International transfers of personal data
If the European Commission does not recognise the country to which you are transferring personal data as adequate, you must provide appropriate safeguards when transferring personal data outside the European Union.
-
Data Protection Impact Assessment
If you have determined that the processing is likely to result in a high risk to the rights and freedoms of data subjects, you must carry out a data protection impact assessment (DPIA) for each processing operation. The DPIA allows
-
Documentation and accountability
To demonstrate your compliance with the Regulation, you must maintain the necessary documentation. To continuously ensure the protection of the personal data you process, you must regularly audit the actions and documentation relating to every phase of the processing operations
-
Security of personal data
Both you and your processors shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk. These security measures shall take into account the state of the art, the costs of implementation
-
Processors
Only choose processors that provide sufficient guarantees to ensure the protection of the personal data processed. Conclude a contract that sets out the processor’s obligations concerning the security, the confidentiality and the protection of the processed personal data.
-
Privacy by design and privacy by default
Privacy by design: Privacy by design means implementing appropriate security measures at the earliest stages of the development of your products and services. Privacy by default: The principle of privacy by default requires the adoption of measures to ensure that
-
Comply with the rights of data subjects
The General Data Protection Regulation grants certain rights to individuals and defines their conditions and limitations. The controller has to make sure that data subjects can exercise the following rights: 1. Information to the data subject You must inform data
-
Consent
The data subject's consent is one of the conditions on which processing operations can be based in order to be lawful. The provisions concerning the conditions applicable to consent were further developed by the GDPR, emphasizing its "free, specific, informed
-
The right to erasure ("Right to be forgotten")
If the retention of data concerning you is no longer justified, you may request their erasure. If the controller has no legitimate reason (e.g. legal obligations at the accounting level) that justifies the retention of your data, then they
-
The right to data portability
You change your online provider and want to retrieve your data? The right to data portability allows you to receive, free of charge, the data you provided to a controller, in a structured, commonly used and machine-readable format
-
The right of access
You can exercise your right of access by contacting the controller directly and asking to obtain the personal data he holds concerning you and certain additional information. Examples: You buy a product on the Internet and want to know what information
-
The right to delisting
You are visiting a search engine (Google, Bing, Yahoo, etc.) and, when you enter a combination of your first and last name, you find a search result that is wrong or irrelevant. What can you do? Contact the search engine
-
The right to restriction of processing
You notice that information concerning you is inaccurate or irrelevant. Instead of requesting the erasure of the data, you prefer a restriction. You shall have the right to obtain from the controller restriction of processing where one of the following
-
The right to rectification
If you have noticed that personal data concerning you is inaccurate, incomplete or simply not up to date, you can request to rectify it. If contacted, the controller has to correct the inaccurate information concerning you. This right prevents an
-
Your rights
The General Data Protection Regulation grants you rights that allow you to control the use of your own personal data: