After receiving a lot of criticism, the RGPD is now in place in all companies and administrations. From now on, the processing of data (personal or sensitive) is governed by new rules. However, the success of the RGPD does not rest just on consent or controlled cookies, but on the data processing system as a whole. What about the security of our data? Has health data been at greater risk with COVID-19? 2 years later, it's time to take stock.

RGPD and data governance

According to the recent report of the European Commission, companies "are developing a culture of compliance and are increasingly emphasizing as a competitive advantage the high level of data protection that they provide". Both the European Commission and the CNIL are pleased with the success of the RGPD. With a 79% increase in complaints in 5 years, the least we can say is that citizens are informed.

The CNIL has given itself several missions for 2020. Firstly, to strengthen its support for companies in bringing their practices into compliance, with, for example, a guide for developers. This year, the support that stands out concerns digital marketing, with the use of cookies and data collection for targeting purposes.

For its part, the "control" of the CNIL focused on 3 areas:

  • The security of health data in order to verify the security measures deployed by healthcare professionals;
  • Geolocation data from mobility services (route optimization, choice of transport...): proportion of data collected, retention period, information provided and security measures;
  • The provisions related to cookies and other tracers in user profiling. The main issue is how sites collect free, explicit, informed and unambiguous consent.

With COVID-19, the CNIL focused on the collection and use of healthcare data. To date, however, none of the challenges of 2020 seems to be falling by the wayside, or even falling behind.


The Cloud Act, or the American RGPD

While the GDPR improves data security, it does not stand up to everything, including the Cloud Act. The Act allows authorities to seize the data of all digital operators and service providers in the United States.

Precisely because it is American, the Cloud Act will impact the whole world, Europe included. If the data are hosted in American cloud services (via GAFA for example), the data are no longer secured in Europe, even if they respect the RGPD.

The risk is all the more present with the new health data platform, the Health Data Hub. This service brings together a great deal of data via the National Health Data System. The HDH will be hosted on Microsoft's cloud, giving rise to conflicts between laws. While waiting for the HDH to go online, the CNIL has communicated its recommendations in terms of confidentiality and respect for liberties.


Sensitive data put to the test by COVID-19

The spread of the Coronavirus has caused an earthquake concerning the hosting and processing of sensitive data.

As a reminder, sensitive data is data that reveals racial or ethnic origin, religious or philosophical beliefs, trade union membership or political opinions. Sensitive data also includes health data, sexual orientation and genetic data. To date, it is illegal to collect such data, with the exception of 4 specific cases.

Since COVID-19, have there been any changes? Not in the collection or processing of health data. If companies want to know the health status of their employees on site, they have to turn to occupational medicine or another competent authority. They can only take the temperature, and only if the results are not kept.

The big change is the StopCovid application. This application alerts users to a risk of contamination when they have been in contact with other users diagnosed positive for COVID-19. The CNIL's only authority is to make recommendations, which it does by emphasizing the importance of good information, a limited collection period and respect for free participation.

The RGPD has shaken up many structures, but its application is still a challenge. It is broadening thanks, among other things, to the educational work carried out by the CNIL. The Coronavirus has upset the agenda of companies and the CNIL, without creating any profound destabilization. However, the StopCovid application raises questions about a new era of surveillance. How far will data collection for the state go?
