What is the General Data Protection Regulation?

The GDPR (General Data Protection Regulation) is a European regulation that came into effect in 2018, which governs the collection and processing of personal data within the European Union. It requires organizations to implement concrete measures to ensure transparency, security, and respect for the rights of individuals, under the threat of significant financial penalties in case of non-compliance.

Why comply with the General Data Protection Regulation?

Complying with the General Data Protection Regulation is much more than a legal obligation. It means:

  • Strengthening trust and transparency towards clients
  • Effective protection of personal data
  • Better governance of your organization's data
  • The assertion of your position as a responsible stakeholder in the digital economy

Simplify your GDPR compliance with our Dastra governance solution

Optimize the management of personal data through automation and a clear overview. Save time, minimize risks, and strengthen your clients' trust, all with an intuitive and secure solution.

Create and maintain the record of processing activities

Comply with the obligation of Article 30 of the GDPR and benefit from a powerful management tool designed by GDPR experts for DPOs. Document processing activities using templates, questionnaires, or even AI to increase efficiency and finally keep them up to date!

Simply map your personal data processing!

Collaborate effectively with a set of pre-configured records designed to facilitate teamwork. Enrich your repositories and link them to your processing activities, data breaches, rights exercise requests, and files for comprehensive and centralized management.

Manage rights exercise requests efficiently!

From receiving requests to processing them, including secure authentication, centralize and track requests from your employees, clients, and contractors directly on the platform. Simplify management while ensuring compliance and security.

Manage personal data breaches effectively!

Record and track breaches detected internally or reported by your subcontractors, then assess their level of risk for optimal management.

Simplified reports and audits

Easily generate compliance reports and audits with one click using our document automation solution. Save time and focus on what matters! Export your record in a multitude of formats (PDF, Excel, CSV, JSON, Word, Markdown...) in just a few clicks.

Case study

“For me, Dastra is the tool I can't do without.”

Margreet Bruinsma, DPO

What are the 3 principles of the GDPR?

The three main principles of the General Data Protection Regulation are:

  1. Transparency, fairness, and legality: Personal data must be collected and processed in a transparent, lawful, and fair manner. This involves informing the data subjects about how their data will be used and ensuring that they provide informed consent.

  2. Data minimization: Only the data necessary for the specific purpose should be collected. This principle encourages companies to limit the amount of personal data they process, thereby reducing risks to individuals' privacy.

  3. Security and confidentiality: Personal data must be protected against unauthorized access, processing, or disclosure. Companies must implement technical and organizational measures to ensure the security of the personal data they process.

What are the main obligations of the GDPR?

  • Inform the data subjects clearly and accessibly about the use of their data (purpose, retention period, rights, etc.).

  • Justify a legal basis for each processing activity (consent, contract, legitimate interest, etc.).

  • Respect the rights of data subjects (access, rectification, erasure, objection, etc.).

  • Ensure the security of personal data: appropriate technical and organizational measures must be implemented to protect data against risks of loss, unauthorized access, or disclosure.

  • Document all processing activities in a record, in particular for organizations with 250 or more employees or where the processing is sensitive or non-occasional.

  • Notify the CNIL (or other competent authority) of data breaches within 72 hours and, in some cases, notify the affected data subjects as well.

  • Govern relationships with subcontractors through formalized contracts, to ensure their compliance with GDPR requirements and clarify each party's responsibilities.

What are the prohibitions of the General Data Protection Regulation?

The GDPR prohibits the collection and use of data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, as well as the processing of genetic data, biometric data allowing for the unique identification of a person, health information, or data related to an individual's sexual life or sexual orientation.

However, there are exceptions to this prohibition, including:

  • If the data subject has given explicit consent, which must be free, specific, informed, and preferably in writing.

  • If the information has been manifestly made public by the data subject.

  • If this data is necessary for the protection of human life.

  • If its use is justified by a public interest and authorized by the CNIL.

  • If it concerns members or affiliates of an association or political, religious, philosophical, or trade union organization.

A small step for DPOs, a big step for data protection

Dastra.eu is free to try and easy to set up, and its features work seamlessly together.

Free 30-day trial - No credit card required - No commitment
