25/05/2018- The entry into force of the long awaited GDPR … and so dreaded

The week of entry into force of the new European regulation on personal data will have seen many companies rush around this deadline to assail their contacts and clients with e-mails.

  • Several observations: the majority of these e-mails aimed to ask for a (new) consent to the people; the majority of people did not read these e-mails, received in shambles and even less confirmed a consent.
  • Several reflections: it seems that in most cases, the legal basis of data processing did not have to be the consent (remember that a company can on the basis of a legitimate interest send offers to its customers naturally interested by its products and services); by massively addressing this demand, the companies themselves have had to obtain a consent; even if a consent was necessary, it is far from certain that is really was necessary for the 25th of May; the result of this precipitation is most certainly a massive loss of business data and the value that goes with it.

The CNIL has announced that it will remain fairly flexible as part of its controls until the end of 2018. So it is still time to reflect on the legal part and to verify on a case-by-case basis what are the obligations of the company and the steps to take regarding the compliance that needs to be implemented.