THE CODEX

A DPO is not compulsory in an organisation. However, in some cases, organisations are obliged to appoint one. It is an obligation if it processes sensitive data on a large scale or involves large scale, regular and systematic monitoring of individuals.

What is a DPO? Before the GDPR, the “Data Protection Correspondent” was the one in charge of data protection in the company. However, starting the 25th may of 2018, the Data Protection Officer is created. He is the one in charge of ensuring GDPR compliance in the organisation.

Article 5(3) of Directive 2002/58/EC, amended in 2009, transposed into French law by Article 82 of the Data Protection Act, establishes the principle of prior consent of the user before storing information on his or her terminal or accessing information already stored on it

Cookies are tracers that allow companies to collect data on the navigation of Internet users on the web. How does it work? During navigation, files can be stored by the server in the Internet user’s browser in order to collect data on web navigation.

According to the GDPR the required information must be communicated in a concise, transparent, understandable and easily accessible way, in clear and simple terms.

The EDPB’s guidelines recall that transparency helps “build trust in the processes applicable to citizens by enabling them to understand and, where necessary, challenge those processes.