FREQUENTLY ASKED QUESTIONS/How to ensure that your data processing is compliant with GDPR?/

Security & compliance

How can I ensure that my data processing policy is GDPR-compliant?

The general principles governing data processing of personal data are the following:

  • The data must be processed legally, fairly and transparently vis-à-vis the data subject. For example, it is necessary to inform the client of the type of data collected and explain how the collected personal data is to be used.

  • The data must be collected for specific, explicit and legitimate purposes. For example, as part of a delivery activity, you will need to collect the delivery address of your customers to send them orders.

  • Always ask for the consent of visitors to your site for the recovery of their personal data.

  • The processing of personal data must be adequate, relevant and proportionate to what is really necessary to achieve the objectives of the business activity. For example, in order to provide a service, you will need the full name of your clients, but you will not necessarily need their date of birth.

  • The personal data provided must be accurate and, if necessary, kept up to date. Further, your client must have access his personal data in order to modify or delete the information.

  • The data must be stored in such a way that it enables the persons concerned to be identified for a period not exceeding that necessary to achieve the objectives determined. As such, it is useful to keep all the data collected in a table provided for this purpose and for a pre-established limited time.

  • The processing must ensure that the data is appropriately and adequately protected, and protected against any unauthorized / illegal processing or data leakage. For example, you should switch to HTTPS on your website by installing an SSL certificate.

In summary, be transparent in the way your customers' personal data is treated and conserved of, and restrict the use and management of the data to strictly respond to the needs of your business.


Alf
assists you in incorporating you company in France, as well as managing all your company's paperwork. To discover our services, please visit our website.

Read more:

The penalties for a breach of the GDPR

The data protected under GDPR

GDPR: who must comply?

Get to know more about Alf's services for companies visiting our FAQs