CNIL flexible on enforcement of new obligations for first months of GDPR regime

France’s Data Protection Authority, the CNIL, announced last month that in the first months of implementation of the GDPR, it may not sanction beaches of new obligations or rights resulting from the GDPR, such as the right to data portability and impact assessments.

This period of grace, however, requires that the organisations are engaged in the compliance process, are of ‘good faith’ and cooperate with the CNIL. However, if the CNIL detects breaches of well-established data protection principles, it will act immediately.

Source: CNIL flexible on enforcement of new obligations for first months of GDPR regime – Privacy Laws & Business

>