Esokia: our GDPR-certified employees, what does that imply?
What is GDPR?
The General Data Protection Regulation (GDPR) is a European Union regulation designed to protect the personal data of users of web and mobile sites and services. The CNIL supports private and public organizations in France in the implementation of measures to ensure that the use of personal data respects the privacy of the persons concerned. The regulation applies to all persons present in the European Union, and therefore also to companies whose customers are among them.
Test your website's GDPR compliance
In other words, all companies, public bodies and associations collecting personal data on European residents are concerned.
Separately, assessments are occasionally carried out by the CNIL to ensure that all criteria are indeed met. These evaluations are fairly rare and are often the result of a complaint filed with the CNIL.
The GDPR allows users to have more control over their data, to ensure that it is secure and that it will not subsequently be disclosed or reused without consent. For example, visitors can access the data that the site has collected about them and upload it to a website.
It also allows site visitors to have complete control over how their data is used: why it was taken, how long it will be used and who will have access to it.
If they wish, visitors can also request the deletion of a piece of data, in which case the data in question will be deleted, but a code or customer reference with the date of the deletion request will still be available.
To summarize, the GDPR is a regulation that ensures the security of the personal information of visitors to web pages, reassuring them and giving them control over how it is used.
What is the client's responsibility?
Clients, the organizations for which Esokia develops websites, must above all respect the strict rules imposed by the GDPR.
They must ensure that both the confidentiality of their visitors' personal data and their visitors' rights are respected: visitors must be able to control, consult and remove their personal information whenever they want.
The customer is also responsible for managing the processing of their visitors' data.
Respecting all these constraints, although sometimes inconvenient, establishes a genuine pledge of trust between customers and their users.
Should the customer fail to comply with one or more rules imposed by the GDPR, then following a complaint it will be inspected by the CNIL and could receive a fine of up to €20 million or up to 4% of its turnover.
Esokia's data protection commitments
Esokia, for its part, is considered to be a sub-contractor, as defined in Article 4 of the European Regulation.
An organisation is a sub-contractor when it processes personal data on behalf of and under the instructions of another organisation having the status of data controller. Thus, the company also finds itself in possession of the personal data of its customers' visitors.
The logical next step, therefore, is to ensure that all staff who process personal data are subject to an obligation of confidentiality with respect to this information, in order to reassure customers about the security of their personal information.
Developing its customers' websites, e-commerce and mobile applications, Esokia must ensure that all the constraints set by the GDPR are respected. In other words, Esokia guides its customers by making sure that their websites and way of proceeding are in line with the rules imposed by the GDPR.
Esokia's clients and their visitors must be kept informed of any possible security or other failures or any other problems that may arise.
Mr. Frédéric GUERIN, Data Protection Officer (DPO) at Esokia, has successfully completed a GDPR certification training course organised by the CNIL. Thus, each request or question from our customers will be approved or managed properly and within the measures imposed by the GDPR.
In addition to developing its clients' websites, Esokia ensures that they comply with the rules imposed by the GDPR.
In other words, Esokia will make sure that it follows the measures of the GDPR as a subcontractor. The company will then make sure that the client's website conforms to GDPR standards and, finally, will offer its advice if the client requests it.