New Legislation | In Depth Look: France Tackles Inscribing GDPR

Profession:Flichy Grangé Avocats

The new law adapts the previous text of 6 January 1978 relating to data, files and freedoms to the GDPR legal framework that entered into force on 25 May 2018.   The text defines the field of missions of the National Commission for Informatics and Liberties (CNIL), in accordance with the GDPR. The CNIL becomes the national supervisory authority for the application of the GDPR. It supports the publication of standards, codes of conduct and standard regulations on the new obligations of operators. It can certify organizations and services. It can be consulted by Parliament on questions of personal data.   For the economic actors, the text replaces the a priori control system, based on the prior declaration and authorization regimes, with a system of ex post facto control, based on the controller's assessment of the risks in terms of Data protection. In return, the powers of the CNIL are strengthened, and the penalties incurred can reach up to 20 million euros or 4% of the global consolidated annual turnover.   Preliminary formalities are maintained for the most sensitive data, such as the biometric data necessary for the identification or monitoring of the identity of persons, genetic...

To continue reading