On May 25, 018, the new "EU General Data Protection Regulations" is about to take effect. This regulation aims to standardize the business practices of all countries in the EU to protect the personal data of EU residents. From May 2018, the vast majority of market participants will need to change their personal data collection system to comply with this new European regulation. This covers “any personal data about the composition of natural persons or “data subject”, including name, IP address, localization details, etc...” Whether you are a small, medium or large company, this column applies For all companies that use user data, no matter which industry. Since we are now less than two months away from the entry into force of this provision, reading the following five-point summary can give you a quick overview of the important points. 1. Set up dual options From May 2018, the new regulations will no longer allow companies to send "unsolicited" e-mails to Internet users. They need to set up dual choices for their email campaigns and join the delivery system to clearly and explicitly inform users of their collected data and obtain their consent. The first choice will be when the individual fills in the form to explain why the e-mail was collected. Once the customer accepts this step by ticking the box, the second choice will be emailed for confirmation. In this confirmation, the person agrees to receive the information they agreed to during the first opt-in period. After passing this item, the information is added to the database. For customers who are already in your company's database, you need to send them a personalized email to get their permission to continue contacting them. Although this dual choice may slow down the acquisition of new customers, this setup will allow the company to have a more qualitative database, which will also promote the integration of the market. 2. Adjust your cookies As a website owner, you must tell the user when cookies will collect information they have browsed (eg "This site uses third-party cookies to obtain browsing statistics. If you continue to use the site, we It assumes that you have accepted such use.") However, at this time, even if the user does not click the "OK" or "I understand" button when visiting other pages on the site, the cookie will be downloaded to the browser. With this new provision, the cookies program will be strengthened by installing new and more detailed acceptance buttons. Therefore, the user will be able to control all of their cookies, and if the cookie is not accepted by clicking the "Allow or Decline" button, the user will no longer be able to access the site. 3. Data Management For users who do not want to collect their data, the company will be required to encrypt it. Replace your username with an alias to ensure that your personal information is kept confidential. In addition, if visitors to your site accept your data collected by them, they also have the right to delete it. This means that they have the right to demand that the customer data collected on your platform be completely removed (if necessary) to ensure full control over their data. 4. Searching for potential customers by email under certain conditions In this article, companies will no longer be allowed to send marketing emails (either B2C or B2B) to their clients if they do not receive the explicit consent of their clients. This explicit instruction also applies to information on mailing lists or business cards collected during the show. 5. Cooperation with 'Compliance' Companies This provision applies not only to the company itself. Your company will also be responsible for abusing your data with suppliers that you work with. Therefore, it is important to work with “compliance” business partners to ensure the correct application of this clause. In addition, in order to supervise the implementation of this provision, Lengo de France strongly recommends the establishment of a data custodian. He needs to inform the company and its collaborators how to respond to changes in commercial terms and provide advice. To prove your compliance, you need to take a series of measures (such as those listed above) and prove that you are providing written data protection.