Four months after the GDPR came into effect, the French Data Protection Authority (“CNIL“) published a first assessment with some impressive figures:
- It received more than 600 personal data breach notifications, i.e., about 7 notifications each day, involving approximately 15 million individuals.
- It received 3,767 complaints from individuals. As we commented on this blog, a few “collective” complaints were filed against Google, Amazon, Facebook, LinkedIn and Apple.
- 24,500 organizations appointed a Data Protection Officer in France.
- It received more than 100 requests for authorization of processing activities in the health sector, a sector for which we know the GDPR raises a lot of questions.
The French Authority also announced that it will soon release new regulatory tools such as reference guides on clients/prospects management and human resources and the mandatory set of compliance rules for biometric processing activities.