GDPR, what is it? Definition and scope
Before anything else, you should know that the GDPR (General Data Protection Regulation) is actually the adaptation of a French law of 1978, the Loi Informatique et Libertés. The GDPR is 80% similar to this French law, which has been in place for more than 40 years!
Since the company was founded in 2014, Realytics' founders have wanted to develop solutions that respect personal data, and we have been preparing for the GDPR for more than 1 year. We are a company that analyses and produces data, so we must comply with the laws on personal data, especially the GDPR!
Getting GDPR compliant: Realytics' to-do list
Being a DPO: missions and scope of action
The first and most important thing on the list: appointing a DPO! It was essential that Realytics appoint a DPO (Data Protection Officer) who would be the conductor in charge of Realytics' compliance with the GDPR, and who would also inform and advise both Realytics' founders and employees.
The register of the processing operations, a crucial project
Then, Realytics had to keep a register of notified personal data processing operations; this could cover, for instance, a list of the people we invited to one of our breakfasts, staff files or even the data collected by our team.
Personal data is defined in Article 4 of the GDPR as any information relating to an identified or identifiable natural person, so a name, an ID or even an IP address is considered personal data. Data is everywhere today!
We have strengthened our security policy, both physical and IT, and are doing everything in our power to guarantee the highest level of security for the data we collect. Encrypted data, regular backups and safety checks, secured access to our data, double authentication to our portal... Your data is safe with Realytics!
We think before we act
Everybody knows it: you'd better think before acting, prevention is better than cure... Here at Realytics, we prioritise the actions to be taken and always think ahead about the potential risks our processing operations could pose to the rights and freedoms of the people concerned. We have developed a "privacy by design" approach, where security and data protection are guaranteed as soon as we implement a new processing operation.
Internal education and information, a day-to-day mission
A huge step towards ensuring compliance is the internal education and information of our teams. It is a day-to-day mission! Everybody has to adopt the correct reflexes.
This concerns not only data processing but also IT security (not leaving computers on when leaving the desk, always picking up printed sheets, being careful about the documents people throw out...). Everybody should be aware of the importance of personal data.
Realytics and personal data
Realytics collects 2 types of personal data:
The data collected on the portal
In order to guarantee our clients' identification on our portal (strictly reserved for our clients), we collect and store the name, first name and email of the person. This data is classified as "personal", and we store it under greater security. This data is stored for 12 months.
The data collected via our cookies
In order to provide our TV campaign analysis and optimisation services, we collect and store pseudonymised data via the cookies we place on our clients' websites. Realytics' cookies are first-party cookies that allow us to identify a user via a unique and anonymised ID, which we store for 12 months.
All our data is stored on servers in Dublin, Ireland, or Paris, France. Nothing is stored outside of the EU, and everything is encrypted!
Questions, remarks? Please feel free to contact our technical team and our DPO: firstname.lastname@example.org