In May 2018, new European regulations on the protection of personal data will enter into force. All companies will have to comply. In France, a new law also sets obligations in this field.
Below are some of the principal guidelines all employers must keep in mind when handling personal data.
DEFINE THE OBJECTIVES OF THE FILE
Before any collection and use of personal data, the data controller must precisely announce to the individuals concerned what purpose the data will serve. These goals must respect the rights and freedoms of individuals. They limit how the controller can use or reuse this data in the future.
CHECK THE RELEVANCE OF DATA
Only the data strictly necessary for achieving the goal can be collected: this is the principle of data minimization. The controller should not collect more data than is really needed. Special attention must be paid to the sensitive nature of certain data.
LIMIT THE RETENTION OF DATA
Once the goal of data collection is achieved, there is no longer a need to keep the data and it needs to be removed. This storage period must be defined in advance by the controller, while still taking into account any and all obligations to retain some data.
RESPECT INDIVIDUAL RIGHTS
Data concerning individuals can be collected on the essential condition that they have been informed of this operation. Individuals also have certain rights which they can exercise with the body that holds the data concerning them: a right of access to the data, a right to rectify it, and finally a right to object to its use.
The data controller must take all necessary measures to ensure the security of the data collected and its confidentiality, that is, to ensure that only authorized persons can access it. These measures can be determined according to the risks weighing on the file (sensitivity of the data, purpose of the processing, etc.).