WHITE PAPER

Digital evidence and collection for evidence purposes

For several years, the computerization and constant integration of new technologies into the business world have led to the emergence of new practices that have contributed to the emergence of unexpected slides

Today, the “theft” of computer data constituting the information heritage (know-how, confidential information, databases, etc.), the voluntary deletion of files, the unauthorized use of electronic mail or Internet access, etc., are daily risks for companies. The long list of actions leading to this damage regularly makes the headlines.

FOCUS

GDPR : From collection to proof of consent

In the era of “Big Data” and massive digital data collection, customer files are the new source of wealth for companies. However, the processing of this so-called “personal” data is strictly regulated, in particular thanks to the principle of consent, which allows individuals to exercise real control over the processing of their data. The General Data Protection Regulation (GDPR), which came into force on 25 May 2018, specify the conditions for obtaining and demonstrating valid consent.

Démonstrate compliance with the GDPR

Since 25 May 2018, companies have been obliged to comply with the provisions of the General Data Protection Regulation (GDPR).  One of the major changes of the GDPR concerns the abolition of the obligation to declare processing operations to the “Commission nationale de l’informatique et des libertés” (CNIL) in favour of the principle of accountability. In this context, the controller has the obligation to implement internal procedures to prove compliance with the GDPR.

Protection of secrets

Sensitive information that must remain secret, such as information about a patient’s health, exchanges between a lawyer and his client or the strategy of a company, is subject to specific protection by the legislator. The use of new technologies and associated risks, such as cyber-attacks, may also require the implementation of appropriate technical protection measures.

Endcryption and law

For thousands of years, encryption has been used to make information unintelligible to anyone who is not authorized to receive it. Indeed, the fear of interception was at the root of the development of codes and numbers, techniques used to disguise a message so that only its intended recipient could read it. However, it was not until the entry into force of the « loi sur la confiance dans l’économie numérique (LCEN) » in 2004, that a right to data encryption was introduced in France. This technology is also highly recommended for companies in order to guarantee trade secrets. The French Data Protection Authority (CNIL) has also positioned itself in favour of data encryption as a means of securing personal data.