GDPR

What is the GDPR?

GDPR means "General Data Protection Regulation" (in French "Règlement Général sur la Protection des Données" or RGPD).

This is a new European regulation implemented on May 25, 2018 which governs the processing of personal data within the European Union. It strengthens citizens' control over the use that can be made of their personal data.

The GDPR applies to any organization that processes personal data on its behalf or not, therefore:

that it is established on the territory of the European Union,
or that its activity directly targets European residents.

TrialPEX and GDPR

Although the GDPR is in line with the French Data Protection Act of 1978, a novelty lies in the empowerment of subcontractors who manage personal data on behalf of their customers. Indeed, the French Data Protection Act was only applied to the data controller (promoter).

For now on, Subcontractors have new responsibilities and are required to comply with specific obligations in terms of security, confidentiality and documentation of their activity. In addition, they must assist and advise data controllers in their ongoing process of bringing their processing operations into compliance.

Article 28 of the European regulation specifies that the processor must offer "sufficient guarantees regarding the implementation of appropriate technical and organizational measures to ensure that the processing meets the requirements of this regulation and guarantees the protection of the rights of the data subject ".

In practice, this means:

An obligation of transparency and traceability
Consideration of data protection principles from the initial design and data protection principles by default
An obligation to guarantee the security of the data processed
An obligation of assistance, alert and advice.

Back