A few weeks before the entry into force of the GDPR, we wanted to give the floor to Denis Levy-Rossi, Security Officer at the Loyalty Company group, to explain the ins and outs of this new regulation. Interview.
The General Data Protection Regulation (GDPR) is the reference text establishing the protection of personal data as a fundamental right for all European countries. This regulation gives citizens back control over their personal data and therefore disrupts the way companies operate. They must now assess the risks involved and reduce them by deploying the human, organisational and technical measures necessary to enforce these regulations.
Nevertheless, it must be understood that the GDPR is not a recommendation for technical solutions to be implemented. Rather, it is a framework defining what the European Union expects from companies in terms of data protection.
Companies must apply the principles defined by the GDPR to all their activities. This is why each employee must be sensitized with the same level of knowledge. In concrete terms, as soon as an employee manipulates or uses data, he or she must ask the right questions: “Is it personal data?”, “What is the legal basis for the use of this data?”, “Do I have the consent of individuals to use their data?”, “And if so, for how long?”, etc.
Whether in terms of marketing or sales, the data must be processed in the same way in order to respect the rights of the persons concerned. To this end, it is important to inform individuals when collecting their data, particularly about the purposes and storage period. Sales representatives will not present the information in the same way as they do in marketing, where the necessary information and appropriate forms of consent must be included in the data collection forms. In addition, sales representatives must take sensitive data into account and, above all, must not enter it in free text fields on CRMs, for example. This is true for any prospect or customer follow-up activity.
For me, this regulation is a real positive development. We finally have a legal framework adapted to digital and digital transformations!
The GDPR can be perceived by companies as a constraint because its implementation requires a lot of human investment and compliance with certain obligations. But the text is pragmatic: the conditions of application take into account the reality of companies and organizations. In this respect, the GDPR should not be seen as a constraint but as an opportunity: that of setting up a quality approach in which the citizen is truly at the centre. It is also an opportunity to rationalize your processes, to sort through your data and even to clean up. Finally, complying with the GDPR means ensuring total transparency as a company or brand and thus rebuilding a relationship of trust with its customers.
We have entered the first stages of the process but our objective is to raise awareness among all Kiss employees on the subject, a subject all the more sensitive as our core business is based on customer data.
We have therefore already organized two waves of awareness sessions, the first of which was led by our partner, Advens. We then took over by reworking our presentation materials so that employees could reuse them if necessary. And at the moment, we are working on the mapping of treatments so that Advens can then propose a detailed action plan of the priority axes to be put in place.
In parallel, we have created the position of Security Officer to respond to the framework provided by the GDPR. The latter’s mission is to support our customers beyond the internal level and make them aware of this new regulation. Indeed, as a subcontractor, we have the obligation to support our customers on this subject (within the framework of the projects we set up for them), answer their questions and advise them over the long term.
If the GDPR requires the appointment of a Data Prot