
The new European General Data Protection Regulation

 

GDPR, what is it?

Is my Radio affected?

What about the NeoGroupe Software applications?

Criteria regarding the business organization

Criteria regarding the software applications

 

 GDPR, WHAT IS THIS?

GDPR is a new European Union Regulation that applies, from May 2018, to all companies which process personal data of European citizens.

Personal data is defined as any piece of information that makes it possible to identify an individual (text, picture, social media message, e-mail address, etc.). GDPR applies to B2B* as well as B2C* relations, and also to companies outside the European Union.

 

  IS MY RADIO AFFECTED?

If you record data regarding your winners, contest entrants, phone calls, listeners or their opinions, in any computerized form, then this applies to your organization.

Some principles need to be respected so that your entity complies with GDPR. Those principles affect your internal company organization, as well as the functionality of the software applications that you are using.

In short, it appears difficult to go on storing and processing data using spreadsheets / emails, especially as the fines are significant (4% of global worldwide turnover).

Companies are now responsible for the personal data in their possession, and must be able to demonstrate their GDPR compliance.

If the data processor is questioned on the processing of such data, it will have to prove that it took actions to prevent incidents.

 

 IS THERE ANY ADVANTAGE TO IT?

The two main advantages of this regulation are the increased confidence of individuals in your entity, and the optimization of your internal processes (clarification of your IT system).

 

 AND WHAT ABOUT THE NEOGROUPE SOFTWARE APPLICATIONS?

NeoGroupe has updated its NeoWinners and NeoScreener software applications, in order to comply with conditions set by GDPR.

 

 COMPLIANCE?

Attention! The software part allows you to reach compliance once some parameters have been set, but the organizational part falls under your responsibility. Indeed, THE COMPLIANCE IS THAT OF YOUR COMPANY, and not that of the software applications.

 

 CRITERIA

 ABOUT YOUR BUSINESS ORGANIZATION

  • Protection of all personal data of your employees, clients, general public, company relations, etc.
  • Anonymising / aliasing of data, if possible.
  • Inventory of all the personal data held by the company (locating: servers, private cloud, public cloud).
  • Writing of a Good Practices document and awareness-raising of employees.
  • Contracting of relations with sub-contractors receiving personal data from your entity.
  • Obtaining consent through intelligible and short terms.
  • Tracing of data flows entrusted to sub-contractors.
  • Control of data growth (archiving policies, automatic deletion, etc.).
  • Data breach possibility evaluation.
  • Notifying the supervisory authority within 72h if any data leak has been detected by the company.
  • Physical securing of the devices containing the data.
  • Appointment of a company DPO (Data Protection Officer) (companies of more than 250 employees and administrations).
  • Logical securing and monitoring of IT systems accesses and data accesses (for example LDAP/AD, VPN, security patches).
  • Strict framework for profiling (automated decisions regarding individuals).
  • Encryption of storage, authentications and communications.

 

 ABOUT SOFTWARE APPLICATIONS

  • Informing the individual of the final purpose of the collection of his/her personal data: automatic legal text at record creation, and a check-box to record that consent was obtained.
  • Securing of operators' data access:
      • Encryption of data within the database tables.
      • Encryption of communications between clients and the database server.
      • Account/password access for operators, with expiry functions.
      • Automatic disabling of inactive operator accounts.
      • Blocking of operator account after too many unsuccessful login attempts.
  • Access right for an individual to his/her data, upon request.
  • Data access rights (limitations) and limitation of data export functions.
  • Deletion right for an individual of his/her data, upon request.
  • Limitation of the active data retention duration (automatic deletion, prolonged backups outside the operating environment).
  • Rectifying right, and data processing limitation right.
  • Age blocking (no data allowed if age is less than 16 years without explicit parental consent).
  • Data portability right.
  • Monitoring of free-text zones with warning labels, forbidden words dictionary and automatic replacement of forbidden words.
  • Logging and tracing of operations on the data.

 

CONTACT US TO GET MORE DETAILS ON NEOWINNERS AND NEOSCREENER.

Tel +33 9 72 23 62 00


You can obtain product updates either under your valid maintenance contract, or by purchasing the new versions. NeoWinners and NeoScreener are GDPR-compliant from version 5 onwards.


GDPR is applicable from the 28th of MAY, 2018.

 

Links : 

Official Journal of the European Union

Wikipedia (NON Official)

* B2B = « Business to Business », e.g. personal data of individuals engaged in entity-to-entity relations (Companies / Administrations / Associations etc.)
* B2C = « Business to Consumer », e.g. personal data of individuals consuming goods/services, for example the final clients of a telephony operator.
 
WARNING: This text is purely informative; it in no way constitutes a legal notice, nor does it guarantee any conformity with the GDPR.
