CORPORATE GDPR COMPLIANCE

The General Data Protection Regulation

The General Data Protection Regulation (GDPR) is European Union legislation that aims to protect individuals’ personal data within the EU. Implemented in May 2018, the GDPR imposes strict rules on the collection, processing and storage of personal data, as well as severe penalties for non-compliance. Its aim is to strengthen data privacy and security, while giving individuals greater control over how their personal information is used. In Switzerland, the DPA, or Swiss Federal Data Protection Act, applies. This legislation governs the collection, processing and use of personal data.

The foundations of the GDPR

GDPR is based on a number of essential principles to ensure the protection of personal data.

Processing

Consent Agreement

Establishes the principle of explicit consent, requiring individuals to give their prior agreement to the processing of their data.

Use

Right to be informed

Guarantees the right to information, obliging organisations to provide clear and comprehensible information on how data is used.

Collection

Principle of minimisation

Sets up the principle of data minimisation, encouraging the collection of only the data necessary for specific purposes.

Deleting

Right to erasure

The GDPR introduces the right to erasure, allowing individuals to request the deletion of their personal data if it is no longer required or if consent is withdrawn.

These fundamental principles are designed to ensure transparency, accountability and respect for privacy in the processing of personal data.

GDPR compliance

Who is involved?

The GDPR concerns all organisations that collect, process or store personal data of EU citizens, whether they are located in the EU or not. This includes companies, public bodies, associations and any entity that handles personal information as part of its activities. Individuals themselves are also affected, benefiting from enhanced rights over their personal data, such as the right of access, rectification, portability and deletion.

In short, the GDPR affects any entity that interacts with personal data in the context of economic or social activities: identity documents, financial data, medical records, emails, online discussions, etc.

What are the requirements for destruction?

The GDPR imposes strict obligations regarding the destruction of personal data. Organisations are required to put in place secure measures to ensure that data is effectively and permanently deleted once it is no longer required or consent has been withdrawn.

This may involve the use of physical destruction methods, such as shredding or disintegration, as well as secure IT processes to erase electronic data irreversibly. In addition, businesses must keep accurate records documenting data destruction activities to demonstrate compliance with the data protection requirements of the GDPR.

Complying with GDPR

Audit

Carry out an audit to assess the potential risks associated with the storage and destruction of your personal and confidential data. This audit will enable you to identify your security weaknesses and put in place protective measures to prevent any information leaks or other actions that could lead to non-compliance with the GDPR and damage the reputation of your company, organisation or association.

Secure solution

Use a solution that guarantees secure destruction and traceability of your information. There are several ways of destroying your data, including deleting the data or destroying the media on which the data is stored. Protection software, passwords and anti-virus software are also effective solutions for securing the day-to-day processing of data.

Data protection

By complying with the GDPR, you can not only avoid potentially substantial fines in the event of non-compliance, but also improve the protection of your data and thus avoid leaks of confidential information. Ultimately, compliance will enhance your credibility in the eyes of your customers, employees and partners, thanks to the enhanced security of your company's data.

Do you need secure destruction or erasure?

Contact us now to schedule the destruction or erasure of your IT assets.