Cookies are tracers that allow companies to collect data on the navigation of Internet users on the web.
How does it work?
During navigation, files can be stored by the server in the Internet user’s browser in order to collect data on web navigation.
According to the GDPR the required information must be communicated in a concise, transparent, understandable and easily accessible way, in clear and simple terms.
The EDPB’s guidelines recall that transparency helps “build trust in the processes applicable to citizens by enabling them to understand and, where necessary, challenge those processes.
Archiving is a legal obligation for companies.
Indeed, they must be able to present the documents to justify the operations in case of a tax audit or a dispute. This is why certain documents must be kept for a period of time stipulated by law.
The purpose of backup is to restore data and systems in the event of a system anomaly, in order to limit the risks of loss and correction of data or these systems, whereas the purpose of electronic archiving is the conservation of information in order to guarantee its continuity,
How to define an archiving policy?
Like any action plan, an archiving policy involves asking the right questions.
First of all, companies must ask themselves about the needs of the organization.
This means determining the scope of archiving and the volume of data to be archived.
What is a processing record?
To explain what it is simply, it is a document listing all processing of personal data that allows companies and data protection authorities to have an overview of the data processing
The text defines it as “any information relating to a natural person who can be identified, directly or indirectly.”
Personal data is said to concern a natural person, because in the case it concerns a company, it will not be considered personal data. Thus, it will not be protected by the GDPR.
The GDPR provides for a reinforcement of the rights of individuals, imposes on data controllers and processors a certain number of obligations, and provides for sanctions for their non-compliance.
The first ambition of the GDPR was to reinforce the rights of individuals by making the actors processing the data concerning these individuals more responsible. To do so, a regulation must be credible and efficient.