In May 2018, new European regulations on the protection of personal data will enter into force. All companies will have to comply. In France, a new law also sets obligations in this field.
Below are some of the principle guidelines all employers must keep in mind when handling personal data.
DEFINE THE OBJECTIVES OF THE FILE
Before any collection and use of personal data, the data controller must precisely announce to the individuals concerned what purpose the data will serve. These goals must respect the rights and freedoms of individuals. They limit how the controller can use or reuse this data in the future.
CHECK THE RELEVANCE OF DATA
Only the data strictly necessary for achieving the goal can be collected: this is the principle of minimizing the collection. The controller should not collect more data than is really needed. Special attention must be paid to the sensitive nature of certain data.
LIMIT THE CONSERVATION OF DATA
Once the goal of data collection is achieved, there is no longer a need to keep the data and it needs to be removed. This storage period must be defined in advance by the controller, while still taking into account any and all obligations to retain some data.
RESPECT INIDIVIDUAL RIGHTS