fbpx

Free tools and resources for Data Protection Officers!

Tag Archives for " France "

CNIL releases a free software for PIA

This user-friendly tool, available both in French and in English, unfolds the PIA methodology CNIL has been developing since 2015. Following this methodology will allow organisations to be compliant with the requirements defined in the WP29 Guidelines on Data Protection Impact Assessment adopted in October 2017.

Source: CNIL releases a free software for PIA – a tool to help data controllers carry out data protection impact assessment

CNIL serves notice to cease serious breach of privacy of connected toys

The robot «I-QUE» and the doll «My Friend Cayla» are so called “connected toys”. They answer children’s questions on various subjects such as mathematical calculations or concerning the weather. The toys are equipped with a microphone and speaker and are associated to a mobile application downloadable on smartphones or tablets.

Source: Connected toys: CNIL publicly serves formal notice to cease serious breach of privacy because of a lack of security

French DPA Publishes a Compliance Pack Regarding Connected Vehicles

On October 17, 2017, the French Data Protection Authority (“CNIL”), after a consultation with multiple industry participants that was launched on March 23, 2016, published its compliance pack on connected vehicles (the “Pack”) in line with its report of October 3, 2016 .

Source: French DPA Publishes a Compliance Pack Regarding Connected Vehicles

Controller and Processor standard clauses

The French DPA (CNIL) and Spanish DPA (AGDP) have issued two guides for data processors, namely “Règlement européen sur la protection des données: un guide pour accompagner les sous-traitants” and “ Directrices para contratos responsable – encargado” respectively.

Source: Controller and Processor standard clauses

CNIL Publishes GDPR Guidance for Data Processors

On September 29, 2017 the French Data Protection Authority (CNIL) published a guide for data processors to implement the new obligations set by the EU General Data Protection Regulation (“GDPR”). The guidance addresses the extended scope of the GDPR and the new and direct obligations data processors will have when the GDPR comes into force on May 25, 2018.

Source: CNIL Publishes GDPR Guidance for Data Processors

French DPA adopts new single authorisation on fraud prevention systems

The French data protection authority (CNIL) has just adopted Single Authorization No. AU-054 (the “AU-054”) on July 13, 2017 in order to cover the processing of personal data implemented in relation to these fraud prevention/detection systems. The new AU-054 provides a blanket authorization for entities processing personal data for purposes related to the prevention/detection of external fraud in the banking and financial sector assuming they adhere to a strict set of conditions set forth by the CNIL, the most significant of which are summarized below.

Source: FRANCE: CNIL ADOPTS NEW SINGLE AUTHORIZATION ON FRAUD PREVENTION SYSTEMS | Privacy Matters

CNIL Updates Privacy Seals on Governance Procedures and Training Programs to Comply with GDPR

On September 20, 2017, the French Data Protection Authority (CNIL) announced that it has updated two standards on privacy seals in order to take into account the requirements of the EU General Data Protection Regulation (“GDPR”).

Source: CNIL Updates Privacy Seals on Governance Procedures and Training Programs to Comply with GDPR

CNIL Launches Public Consultation on Transparency and International Data Transfers under the GDPR

On September 19, 2017, the French Data Protection Authority (“CNIL”) launched an online public consultation on two topics identified by the Article 29 Working Party  in its 2017 action plan for the implementation of the EU General Data Protection Regulation (“GDPR”).

Source: CNIL Launches Public Consultation on Transparency and International Data Transfers under the GDPR

European Court to France: DNA Database Violates Fundamental Rights

The European Court of Human Rights decided on June 22, 2017 that France’s DNA database for convicted criminals disproportionately interferes with individuals’ privacy rights because of its one-size-fits-all retention period and the failure to include a procedure to request erasure.

Source: European Court to France: DNA Database Violates Fundamental Rights | HL Chronicle of Data Protection

>