Article updated on January 7, 2025 by Byothe
If there is one very important subject concerning the web, it is that of personal data… Mark Zuckerberg, with his recent setbacks, knows something about it. So, little by little, the legislator has taken up the subject.
After examining the draft law on the protection of personal data, the Assembly finally voted on it, for adoption on March 21. However, there are still a few months left for the various entities concerned, after the entry into force of the General Data Protection Regulation (GDPR) planned for April, to make the necessary changes at the technical and organizational levels to comply with the new legislation.
But what are we really talking about?
Amendments adopted by the Law Commission and changes made
Some amendments were adopted by the Law Commission, with the aim of:
- better support small structures, VSEs-SMEs and local authorities in the implementation of their new obligations;
- strictly regulate the use of algorithms by the administration to make individual decisions, and strengthen guarantees of transparency in this area, for example for university registrations;
- clarify the legal framework for making court decisions available (“open data”) in order to prevent any risk of harm to the privacy of individuals and the independence of justice;
- ensure that users of electronic terminals have the choice to install privacy-friendly applications on them.
Furthermore, some changes were also made by the Senate during the public session, in order to:
- set up a labeling system for connected objects, in order to ensure that they meet high requirements in terms of security and confidentiality of their personal data (amt 79 rect. – art. 1);
- guarantee the non-use of personal health data to set insurance prices as well as the impossibility of using this same data for therapeutic or medical choice purposes (amt 12 rect. – art. 13);
- include in the education code the principle of transparency in the processing of school data (amt 24 rect.bis – art. add. after art. 14);
- combat abuses of a dominant position which have the effect of imposing on consumers the tied sale of computer equipment and pre-installed applications or services (amt 78 rect. – art. add. after art. 17a).
The measures to be taken by the entities concerned to remain in compliance with the GDPR
There is less than a year left for businesses and administrations to take the necessary measures and comply with the GDPR. Among the measures to be taken, we can cite:
Creation of a position for the Data Protection Officer
With the adoption of this new law, companies will already have to plan for the establishment of an entity responsible for the protection of personal data. The service or department will be responsible for ensuring that all personal data processing complies with the new legislation.
If it lacks qualified personnel to carry out this mission, the company can opt to outsource the protection of personal data, just like the network security support offered by Nomios.
Assessment of the level of compliance with the PIA (Privacy Impact Assessment)
Companies will have to review all their personal data processing. The processes put in place will have to be assessed to determine whether they meet the requirements of the new legislation on the security and confidentiality of personal data. This assessment of processing concerns both computerised data and data archived on paper.
Establishing an action plan
With this new law, companies are required to take the necessary steps to secure personal data. The privacy policy will have to be the subject of a thorough study, in order to guarantee anonymity. Companies will have to establish a clear process covering the duration of data retention and the purpose of each processing of personal data. In addition, they are invited to recommend the establishment of a governance framework for the confidentiality of personal data.












