Tag Archives for " CNIL "

CNIL issues guidelines to companies for GDPR compliance

The General Data Protection Regulation (GDPR) will come into effect on May 25th, and companies are expected to start implementing measures for compliance with the new data protection rules. In this context, the French data protection authority (CNIL) has recently published guidelines exposing its strategy on how it expects companies to comply with the GDPR.

Source: CNIL issues guidelines to companies for GDPR compliance

New guide regarding security of personal data from French DPA

The GDPR provides in Article 32 that “the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk”.

But it is sometimes difficult, when one is not familiar with risk management methodologies, to implement this approach and to ensure that the minimum has been done. To help professionals in their compliance, the CNIL publishes a guide reminding the basic precautions to be implemented systematically.

Source: A new guide regarding security of personal data | CNIL

CNIL’s notice on collection of smart meters data shows likely approach of DPAs post-GDPR

The French data protection authority (‘CNIL’) announced, on 27 March 2018, that it had issued a formal notice to DIRECT ENERGIE, Société Anonyme, for failing to obtain consent for the collection of customer usage data from its Linky smart meters, and ordered it to collect valid consent for the processing, including from those whose data has already been processed, within three months of receiving of the notice.

Source: France: CNIL notice to DIRECT ENERGIE on collection of smart meters data “indication of likely approach of DPAs post-GDPR”

French businesses urged to have compliance plan for GDPR

Businesses operating in France will need to have a compliance plan in place if they want to avoid potential sanctions for breaches of the EU’s General Data Protection Regulation (GDPR).

Commission Nationale de l’information et des Liberties (CNIL), the French data protection authority, would be likely to consider the steps businesses were taking towards compliance in determining whether to take enforcement action once the GDPR begins to apply. This is because most businesses in France are unlikely to be fully compliant with the GDPR by 25 May this year, the date on which the new Regulation takes effect, she said. Richard said it was welcome that the CNIL had recognised this fact in a recent statement.

Source: French businesses urged to have compliance plan for GDPR

CNIL flexible on enforcement of new obligations for first months of GDPR regime

France’s Data Protection Authority, the CNIL, announced last month that in the first months of implementation of the GDPR, it may not sanction beaches of new obligations or rights resulting from the GDPR, such as the right to data portability and impact assessments.

This period of grace, however, requires that the organisations are engaged in the compliance process, are of ‘good faith’ and cooperate with the CNIL. However, if the CNIL detects breaches of well-established data protection principles, it will act immediately.

Source: CNIL flexible on enforcement of new obligations for first months of GDPR regime – Privacy Laws & Business

French DPA takes pragmatic approach to GDPR enforcement

The French data protection authority (‘CNIL’) published, on 19 February 2018, a press release outlining its approach in terms of enforcing compliance with the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) from 25 May 2018.

Source: France: CNIL takes ”very pragmatic approach” to GDPR enforcement

French DPA publishes guidelines on connected vehicles

The compliance package has been elaborated in consultation with stakeholders from the automobile sector, businesses in the insurance and telecoms sectors, as well as public authorities, in order to constitute a sectorial reference framework and to ensure that car users enjoy transparency and control in relation to their data.

Source: Connected vehicles: a compliance package for a responsible use of data

WP29 Presidency 2014 – 2018: Track Record 

Over the 4 years, the Working Party was involved in key events and actions such as the CJEU’s Google Spain ruling and operationalizing the right to be forgotten, the invalidation of the Safe Harbor and the adoption of the Privacy Shield, construction to adoption and implementation of the GDPR, key enforcement operations.

Source: WP29 Presidency 2014 – 2018: Track Record | CNIL

French DPA Publishes New Security Guidelines

On January 23, 2018, the French data protection authority (the CNIL) published new guidelines on the security of personal data (updating its previous security guide published in 2010 available in English ), providing practical recommendations in the form of “Do’s and Dont’s” to help businesses implement appropriate measures to protect personal data in compliance with the General Data Protection Regulation (“GDPR”).

Source: FRANCE: CNIL New Security Guidelines

1 2 3
>