Data & GDPR

Start the compliance of your data and the associated processing

GDPR

The 4 main actions for your compliance

The General Data Protection Regulations replace the current 1995 Directive and have been in force since 25 May 2018. From this date on:

  • Companies must prove their efforts to comply with the RGPD (process, organization, tools, etc.)
  • Map their personal data and processing
  • Organize (DPO, procedures, team training/awareness)
  • Equipping yourself with software tools

GDPR offers to ensure the conformity of your data

Consistent with its expertise in customer knowledge and data intelligence, Coheris has developed solutions adapted to the new European directive of the GDPR to provide an appropriate response to these new challenges.

 

RGPD Text-Control

Identification des mots et expressions interdites - Coheris RGPD Text-Control

Identification of prohibited words and expressions by taking into account of grammatical rules (conjugations, chords)

Coheris RGPD Text-Control

Check the free text boxes.

A software to monitor in real time, or offline, the sensitive data present in the free text areas of your applications. This solution proposes alternatives to replace prohibited expressions, according to the regulations.

Mapping

Dashboard - Criticality analysis of verbatims - GDPR mapping

Dashboard – Criticality analysis of verbatims

Mapping

Sensitive data

A service offer to identify in the free text areas of your applications, sensitive or prohibited data within the meaning of the regulations, and establish associated dashboards.

Processing of sensitive data

The GDPR provides that information collected on individuals must be lawful in relation to the purpose of the processing operation. Comments must not be inappropriate, subjective or insulting.

Particular attention must be paid to sensitive data referred to in Article 9 of the GDPR:

  • The processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning the sex life or sexual orientation of a natural person shall be prohibited.
  • This point does not apply in certain cases specified in Article 9 (consent of the data subject, data made public by the data subject, legal legitimacy (rights/obligations of the controller), safeguarding vital interests, cases of associations/foundations, public interest grounds, etc.) subject to the necessary limitation.

Personal data and the CNIL recommendations

The article 10 also recalls that the processing of personal data relating to criminal convictions and related offences or security measures may only be carried out under the supervision of the public authority. Any complete register of criminal convictions may only be kept under the control of the public authority.

The CNIL recommends limiting the use of free comment areas, raising awareness among teams likely to fill in these text areas and encouraging the use of drop-down menus offering objective assessments. However, it is not always possible to simply delete these free text fields. This is why the CNIL recommends regular audits and the use of automatic tools checking the words contained in the comment areas should also be considered. Finally, comment extractions can be performed regularly to ensure compliance with the GDPR.

Compliance with the GDPR

  • Sensitize teams in contact with personal data.
  • Verify understanding of principles, roles, responsibilities and procedures.
  • Train employees to avoid a major risk of non-compliance.

Information gathering

  • Particular attention must be paid to sensitive personal data.
  • Limit the use of free comment boxes.
  • Regular audits and use of automatic tools.

Data processing

  • Identify precisely the different processing of personal data.
  • Identify precisely the categories of personal data processed.
  • Identify precisely the objectives pursued by data processing operations.

Download the product sheets

GDPR offers