GDPR Compliance

Personal data and privacy protection of EU citizens.

What is the General Data Protection Regulation (GDPR)?

Faced with the development of digital technology and the increase of online services, the European market has seen the emergence of numerous regulations in recent years.

The GDPR (General Data Protection Regulation) is a European regulation that requires companies to protect the personal data and privacy of EU citizens. This new European regulation strengthens citizens’ control over the potential use of their data. It harmonises the rules in Europe by providing a legal framework for professionals. It enables them to develop their digital activities within the EU, based on the trust of users.

The main objectives of the GDPR are to increase both the protection of those concerned by the processing of their personal data (name, address, telephone number, etc.) and the accountability of those involved in the processing.

Find out what the requirements for GDPR compliance are and how our solutions meet them.

Which companies are required to be GDPR compliant?

Any organization, regardless of its size, country of establishment or activity, is affected. Indeed, the GDPR covers any organization, public or private, that processes personal data on its own behalf or on behalf of others, as long as:

  • it is established on EU territory,
  • or its activity directly targets European residents.

The GDPR also concerns subcontractors who process personal data for other organisations. If you process or collect data on behalf of another entity (company, local authority, association), you have specific obligations to ensure the protection of data entrusted to you. In order to ensure compliance with these new laws, the CNIL has reinforced sanctions. These may be applied to a company’s data controllers and subcontractors.

In case of non-compliance, the fine may be as high as 4% of the company’s total annual turnover or 20 million euros.


What are the requirements for GDPR compliance?

The first step towards GDPR compliance is to consider the real purpose of the data collected. Indeed, data can only be kept if their sole purpose is to contribute to the development of a business. The DPO (data protection officer) will have to ensure that individuals who have access to personal data are properly authorised, but also that this information is kept in accordance with the retention periods laid down by law.

One of the main challenges of the GDPR is to protect individuals whose personal data is collected. As such, companies must be particularly sensitive to the reason for collecting and storing information, to the list of people having access to the data and to the data retention time.

These elements should be available in the company’s privacy policy and should be accessible to everyone for transparency. Finally, processes must be put in place so that anyone who has provided personal data can at any time exercise their right of access, opposition or rectification.

How are our solutions fully GDPR compliant?

Each company must be able to guarantee the security of hosted information according to its level of sensitivity. The aim is not to affirm that there is no risk of data loss, but rather to show that everything possible has been done to minimise this risk. The DPO must also build an action plan covering all the processes that will be applied to prevent the risk of data being stolen or lost within the company.

Biometric data, i.e. physical or biological characteristics that make it possible to identify a person (fingerprints, facial recognition, etc.), are no exception to the rule. Our identity verification solution collects biometric data, for example through facial recognition and liveness detection. The requirements for processing biometric data collected for identification purposes are even more stringent. At ARIADNEXT, we ensure compliance with the fundamental principles of the General Data Protection Regulation, including:

The principle of data minimisation: We only extract the data necessary for identity analysis. The privacy policy specifies which data is processed.

The principle of limiting the retention period: The retention period is fully configurable by the customer when using our solution in Folder mode.

The principle of transparency: The privacy policy is concise and uses simple and understandable terms.

The principle of security: Our information systems security manager ensures the confidentiality and integrity of the data processed within the company.

In addition, ARIADNEXT is ISO 27001 certified, an international standard for information system security. ISO 27001 enables companies and administrations to obtain certification attesting to the effective implementation of an information security management system. Our solutions are securely hosted in France on our own equipment. Thus, we ensure total confidentiality and protection of all analyses in order to offer you a service that is fully GDPR compliant.
