According to the Law, the definition of personal data is "any information relating to an identified or identifiable natural person". This means that any company holding any kind of data about its clients, employees, or commercial partners must comply with the Law.
If a company does not fulfill those obligations, even partly, its management faces prison sentences and the company may be subject to administrative fines, which are to be published in a major newsletter, harming the company's trademark.
This risk is real and current. Here are some of those obligations:
- "Personal data must have been obtained with the consent of either person or have been obtained by the presence of one of the reasons for compliance with the law";
- "Before giving consent, the person should be informed about his/her data";
- "Personal data must comply with the law and good faith";
- "Personal data must be accurate and updated when necessary".