Presentation
The rise of new technologies in professional activities has revealed a new resource that is particularly sought after today: data.
Databases, personal data, big data, the internet of information—all these terms encompass the new source of economic value for businesses across all sectors. The legal framework governing the collection, use, and protection of data is therefore a considerable challenge.
GDPR and data: the framework for data collection
The legislation in this area is particularly complex because there is no unified body of law governing information and communication technologies, based on common principles and consolidated into a single legal framework. Instead, it comprises a variety of texts and articles of law scattered across all relevant codes and professional sectors.
For example, the protection of databases under antitrust law is currently more readily available than their protection under copyright law or database producer rights.
The General Data Protection Regulation (GDPR) represented a significant step forward in this area, imposing general rules on companies based on their accountability. They are now responsible for demonstrating the due diligence they have undertaken to comply with the legislation. This accountability regime also extends to subcontractors – hosting providers, SaaS application providers, etc. – who are subject to specific obligations, often requiring ad hoc contracts that precisely define the scope of their tasks and the conditions of access to and use of data.
Data & GDPR Compliance: Obligations for Professionals
A company’s compliance with personal data regulations now requires it to be vigilant regarding a number of formalities and procedures that guarantee its good faith and, above all, its legal protection, particularly concerning:
- The drafting of customer/supplier/subcontractor contracts with specific and relevant clauses;
- The appointment of a Data Protection Officer (DPO) and the creation of documents such as a Data Register (record of processing activities), impact assessments, etc.;
- Information provided to data subjects – terms and conditions, newsletters, training materials;
- Contracts for hosting personal data, including sensitive data, in Europe or beyond – health data, biometric data, etc.;
- Any formalities related to the supervisory authority, the CNIL (French Data Protection Authority);
- Technical guarantees for protection, security, and responsiveness in the event of a data breach.