Quiz: The RGPD between myths and realities !

RGPD is the hot topic of the moment for marketing professionals. Composed of 99 articles, the text, which came into effect on May 25, raises many questions. EMB offers you to see more clearly with a quiz on the key concepts of the new regulations. Ready ?

The RGPD makes the opt-in compulsory for both B2C and B2B processes.

False. Prior consent is one of the crucial points of the new regulation and will be the standard in B2C. On the other hand, prospecting benefits from a derogatory regime provided that the solicitation is related to the profession of the person targeted. The opt-out will therefore remain the norm in B2B practices.

The so-called "pseudonymised" data (not allowing to know the exact identity of the person) are also subject to the RGPD.

True. Pseudonymised data does not allow to directly identify a person. It can however isolate individual behaviors and even, after specific treatment, become re-identifiable! It therefore enters completely under Article 4 of the GDPR. Not to be confused with anonymized data which is not subject to regulation.

The French are generally opposed to the sharing of their data for marketing purposes.

False. While 90% of French people say they are concerned about the protection of personal data on the Internet, 71% say they are willing to share some information with brands. A bond of trust restored between the various actors would thus be beneficial to all and the RGPD can thus be glimpsed as a real opportunity for professionals.

The appointment of a Data Protection Officer (DPO) is mandatory.

False. The DPO will be the prime contractor for RGPD compliance within the organization it will integrate. Although its designation is highly recommended, it is only made obligatory in three specific cases: Public bodies and authorities Structures carrying out systematic large-scale monitoring of natural persons Organizations dealing on a large scale with so-called sensitive data

Question n° 5 : The GDPR includes the requirement to keep a record of all data processing activities.

True and False. This obligation applies to all companies with more than 250 employees. The smaller structures are not systematically subject to it but will still have to apply this rule in special cases: if the processing of the data is likely to pose a risk to the rights and freedoms of individuals if he is not casual if it relates to sensitive data (see Articles 9 and 10)

The RGPD imposes new rules regarding the shelf life of the data.

True. In the words of the CNIL, "once the objective has been achieved, there is no need to keep the data and they must be deleted". The duration can therefore vary according to the objective which has been defined and varies according to the cases. Regarding B2B, note that you must permanently remove from your database any prospect inactive for 3 years. Finally, if a person asserts his right to be forgotten (Article 17), you will have a period of one month to erase his personal data from your database.

The e-Privacy Regulation is one of the flagship measures integrated into the RGPD.

False ... for now. When the RGPD is mentioned, the mention of e-Privacy is never far away. However, it is important to distinguish between two different regulations, each with its own specificities, in order to avoid any misunderstanding. The e-Privacy, which concerns the protection of the privacy of electronic communications, has not yet entered into force and should be voted in 2019. But it remains to be seen whether it will be voted as it is, or adapted. for each country, even for some trades. Its main challenge lies in the practice of opt-in associated with the deposit of cookies. The collection of this consent will probably be directly at the level of the browser and no longer at each site visited.

Sanctions will be toughened on violators of regulation.

True. Currently, the Data Protection Act provides for a maximum penalty of 3 million euros. The RGPD raises the bar much higher with its article 83 which fixes fines of up to 20 million euros or 4% of the global turnover of the last year for a company. The controls of the CNIL will be regular, so do not expect to fall between the cracks!