Your website complies with the RGPD for less than 1,000 euros? It's possible!
For €990, DPO Consulting carries out a complete audit of your website and issues you a turnkey RGPD compliance kit.
How to lawfully obtain data subjects' consent?
Data protection regulations require that every method used to collect personal data be carried out unambiguously, through a clear affirmative action. In other words, users must confirm their consent at the time of any registration. To do this, you can ask visitors to:
If you need explicit consent, an express statement confirming it is required. You should not rely on, or be satisfied with, silence or inactivity, for example pre-checked boxes, unsubscribe boxes, default settings or a general acceptance of your terms and conditions. The user must always express his or her consent in writing. The new data protection regulations also require that the retention period be specified on company documents where possible.
Article 7(1) provides that:
“Where processing is based on consent, the controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data.”
This means that the company must hold proof of the day on which the user consented and of the method used. This evidence must be kept in order to demonstrate compliance with the accountability obligations.
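As an added example (it is not DPO Consulting's code or part of the compliance kit), the following Python sketch shows one way a controller can keep the proof that Article 7(1) asks for: each consent is stored with the day, the capture method and the privacy-notice version the person saw, a consent derived from a pre-checked box or from inactivity is refused at the point of recording, and the stated retention period is enforced when the proof is later requested. The field names, the method labels such as "web_form_checkbox", the withdrawal record and the SHA-256 hash used to make records tamper-evident are all assumptions of this example, not requirements of the Regulation.

```python
"""Consent evidence ledger: an added illustration, not DPO Consulting's code."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional
import hashlib
import json


class ConsentError(ValueError):
    """Raised when an event does not amount to a clear affirmative action."""


@dataclass(frozen=True)
class ConsentEvent:
    subject_id: str            # pseudonymous identifier of the data subject
    purpose: str               # what the data is processed for, e.g. "newsletter"
    method: str                # how consent was captured (labels are assumptions)
    given_at: datetime         # when the subject acted; must be timezone-aware
    affirmative_action: bool   # True only if the subject actively opted in
    pre_checked: bool          # True if the control was ticked by default
    retention: timedelta       # retention period stated to the subject
    notice_version: str        # version of the privacy notice that was shown


def _evidence_hash(payload: dict) -> str:
    """SHA-256 over a canonical JSON form, so later edits to a record are detectable."""
    canonical = json.dumps(payload, sort_keys=True, default=str).encode()
    return hashlib.sha256(canonical).hexdigest()


def record_consent(ledger: list, event: ConsentEvent) -> dict:
    """Refuse anything that is not a clear affirmative action, then append evidence."""
    if event.pre_checked:
        raise ConsentError("a pre-checked box is not a clear affirmative action")
    if not event.affirmative_action:
        raise ConsentError("silence or inactivity cannot be treated as consent")
    if event.given_at.tzinfo is None:
        raise ConsentError("given_at must be timezone-aware (store UTC)")
    payload = {
        "type": "given",
        "subject_id": event.subject_id,
        "purpose": event.purpose,
        "method": event.method,
        "given_at": event.given_at.astimezone(timezone.utc).isoformat(),
        "retention_days": event.retention.days,
        "notice_version": event.notice_version,
    }
    record = {**payload, "evidence_hash": _evidence_hash(payload)}
    ledger.append(record)
    return record


def withdraw_consent(ledger: list, subject_id: str, purpose: str, at: datetime) -> dict:
    """Withdrawal is evidence too: it is appended, never deleted from the ledger."""
    payload = {"type": "withdrawn", "subject_id": subject_id, "purpose": purpose,
               "at": at.astimezone(timezone.utc).isoformat()}
    record = {**payload, "evidence_hash": _evidence_hash(payload)}
    ledger.append(record)
    return record


def demonstrate_consent(ledger: list, subject_id: str, purpose: str,
                        now: datetime) -> Optional[dict]:
    """Return the proof a controller would show (day and method), or None.

    Assumes the ledger is append-only and in chronological order, so the last
    relevant record wins; an elapsed retention period also invalidates the proof.
    """
    proof = None
    for rec in ledger:
        if rec["subject_id"] != subject_id or rec["purpose"] != purpose:
            continue
        if rec["type"] == "withdrawn":
            proof = None
            continue
        given = datetime.fromisoformat(rec["given_at"])
        expires = given + timedelta(days=rec["retention_days"])
        if now >= expires:
            proof = None  # retention period over: the data should already be gone
            continue
        proof = {"day": given.date().isoformat(), "method": rec["method"],
                 "notice_version": rec["notice_version"],
                 "evidence_hash": rec["evidence_hash"]}
    return proof


if __name__ == "__main__":
    # Constructed sample data for a stand-alone run.
    ledger = []
    t0 = datetime(2024, 3, 1, 10, 0, tzinfo=timezone.utc)
    record_consent(ledger, ConsentEvent("subj-001", "newsletter", "web_form_checkbox",
                                        t0, True, False, timedelta(days=365), "v3"))
    print(demonstrate_consent(ledger, "subj-001", "newsletter", t0 + timedelta(days=30)))
```

The point of `demonstrate_consent` is that the answer a supervisory authority would ask for (when, and by which method) comes straight out of the stored evidence rather than being reconstructed from application logs after the fact; the hash only adds tamper-evidence and does not replace proper access control on the ledger itself.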
Non-compliance with the Regulation is subject to severe penalties, the amount of which is decided according to the seriousness of the impact on data subjects, the duration of the infringement and the type of data subjects affected (e.g. vulnerable persons).
If the violation of the Regulation concerns formal requirements (e.g. impact assessments, breach notifications, etc.), the fine may be up to €10 million or 2% of the company's consolidated annual turnover, whichever is higher.
If the fine is imposed for non-compliance with the basic provisions of the GDPR, such as transferring data to third parties without adequate data protection measures, excessive retention periods or unjustified data collection, it may be as high as €20 million or 4% of the previous year's total annual turnover, whichever is higher.
Instead of being fined separately for each provision, an organization is fined for the most serious offence. Fines may be imposed for a violation of any provision of the GDPR, including violations concerning:
A company may therefore be fined for: