-
Why Google Maps has disappeared in France and how to get it back
Searches for place names no longer lead to the online map
-
Personal details of 10,200 benefit claimants placed online in France
A file showing dates of birth, addresses and income levels was publicly accessible for 18 months. It had been sent to a training firm which says it thought it was a fictitious list
-
What are the EU rules on passport validity periods?
The European Commission outlines three criteria for people coming into the bloc
New data protection laws oblige firms to act
European citizens should now be better protected from data misuse as new rules come into force giving them more control of their data and making businesses liable for keeping the data secure.
The European General Data Protection Regulation (GDPR – RGPD in France) applies to all firms, irrespective of size, that process citizens’ data such as name, address, email, bank details, photo, health, religion or other identity information.
Its main target is ‘large-scale’ processing by big firms and aims to give EU residents control, allowing them to access any data held and the right ‘to be forgotten’ (ie data removed) – and for firms to ensure data is stored only as long as relevant.
However, small businesses must also abide by the regulation, although those who hold limited personal data have little to do, other than keep the data secure, especially if sensitive, and weed out old contacts.
Those with mailing lists, especially if bought in or taken over from a previous business, should be getting in touch with people listed to get unambiguous consent to the use of their data with reasons for using it.
Changes came into force on May 25 after a two-year ‘grace’ period. Many data users have been asking for ‘clear consent’ from clients to use emails, etc and saying why it is being used.
Parental consent is also needed for the data of under-16s.
Asking permission is now mandatory and data should be encrypted for protection. If there is a breach clients must be informed within 72 hours.
Brexit will not effect the need for UK firms to comply as the UK government has said it will mirror the GDPR post-Brexit.
Fines for non-compliance can reach up to €20million or 4% of turnover. In France the CNIL information watchdog is responsible for policing. Its president, Isabelle Falque-Pierrotin, said compliance was easy and added that no guillotine would fall on businesses working to comply.
The law firm Pinsent Masons and insurer Hiscox has written a guide to the changes for small firms – tinyurl.com/ycfkas3b