French Data Protection Authority Takes Stock After 4 Months of GDPR

Four months after the GDPR came into effect, the French Data Protection Authority (“CNIL“) published a first assessment with some impressive figures:

  • It received more than 600 personal data breach notifications, ‎i.e., about 7 notifications each day, involving approximately 15 million individuals.
  • It received 3,767 complaints from individuals. As we commented on this blog, a few “collective” complaints were filed against Google, Amazon, Facebook, LinkedIn and Apple.
  • 24,500 organizations appointed a Data Protection Officer in France.
  • It received more than 100 requests for authorization of processing activities in the health sector, a sector for which we know the GDPR raises a lot of questions.

    The French Authority also announced that it will soon release new regulatory tools such as reference guides on clients/prospects management and human resources and the mandatory set of compliance rules for biometric processing activities.

Leave a Reply

Your email address will not be published. Required fields are marked *