The new European General Data Protection Regulation


GDPR is a new European Union Regulation that applies to all companies which process personal data of European Citizens, from may 2018.

Personal data is defined as any piece of information that allows to identfy an individual (text, picture, social media message, e-mail address, etc.). GDPR applies to B2B* as well as B2C* relations, and also to companies outside the European Union.

If you record data regarding your winners, contest entrants, phone calls, listeners or their opinions, under whichever computerized form, then this is applying to your organization.

Some principles need to be respected, so that your entity complies with GDPR. Those principles effect your internal company organization, as well as the functionality of the software applications that you are using.

In a word, it appears to be difficult to store and process data using spreadsheets / emails any longer, especially as the fines are significant (4% of global worldwide turnover).

Companies are now responsible for the keeping of personal data in their possession, and must be able to demonstrate their GDPR compliance.

If the data processor is questioned on the processing of such data pieces, it will have to prove that it took actions to prevent incidents.

The two main advantages of this regulation are the increasing of the individual’s confidence in your entity, and the optimization of your internal processes (Clarification of your IT system).

NeoGroupe has updated its NeoWinners and NeoScreener software applications, in order to comply with conditions set by GDPR.

Attention! The software part allows you to reach compliance after some parameters have been set, but the entity organization part falls under your responsibility.  Indeed, THE COMPLIANCE IS THAT OF YOUR COMPANY, and not that of the software applications.

Protection of all personal data pieces of your employees, clients, general public, company relations, etc.Anonymising / Aliasing of data, if possible. 
Inventory of all the personal data held by the company (Locating : Servers, private cloud, public cloud).Writing of a Good Practices document & awareness-raising of employees.
Contracting of relations with sub-contractors receiving personal data from your entityObtaining consent through intelligible and short terms.
Tracing of data flows entrusted to sub-contractors.Control of data growth (Archiving policies, automatic deletion, etc.)
Data breach possibility evaluation.Notifying within 72h the supervisory authority if any data leak has been detected by the company.
Physical securing of the devices containing the data.Appointment of a company DPO (Data Protection Officer) (Companies of more than 250 employees and administrations).
Logical securing and monitoring of IT systems accesses and data accesses (for example LDAP/AD, VPN, security patches).Strict framework for Profiling (automated decisions regarding individuals).


Informing of the individual of the final purpose of his/her personal data collection: automatic legal text at record creation, and check-box to mark consent obtaining.

Operators data access securing.
  • Encryption of data within the database tables.
  • Encryption of communications between clients and the database server.
  • Account/password access for operators, with expiry functions.
  • Automatic disabling of inactive operator accounts.
  • Blocking of operator account after too many unsuccessful login attempts.
Access right for an individual to his/her data, upon request.Data access rights (limitations) and limitation of data export functions.
Deletion right for an individual of his/her data, upon request.Limitation of the active data retention duration (automatic deletion, prolonged backups outside the operating environment.)
Rectifying right, and data processing limitation right.Age blocking (no data allowed if age is less than 16 years without explicit parental consent.)
Data portability right.Monitoring of free-text zones with warning labels, forbidden words dictionary and automatic replacement of forbidden words.
Logging and tracing of operations on the data. 


Tel 09 72 23 62 00 –

You can obtain product updates either under your valid maintenance contract, or by purchasing the new versions. NeoWinners and NeoScreener are GDPR-compliant from versions 5 on.

Applicable from the 28th of MAY, 2018

Wikipedia source ( NON official)

* B2B = « Business to Business », e.g. personal data of individuals engaged in entity-to-entity relations (Companies / Administrations / Associations etc.)
* B2C = « Business to Consumer », e.g. personal data of individuals consuming goods/services, for example the final clients of a telephony operator.