CNIL Controls Charter: Understand Everything

The CNIL, French Data Protection Authority, has published its new Control Charter which contains information on how CNIL enforces GDPR and the Data Protection Act. The CNIL has several missions and powers, including the possibility of controlling and sanctioning organizations.

The CNIL checks can be carried out on site, in its premises,online or on documents. It has published the following statistics:

·       • 300 checks were carried out in 2019, including 53 online checks and 45 off-site checks;

·       • Complaints and claims are a major source of checks (43% in 2019).

The CNIL can also initiate investigations, for example in response to current events. In addition, each year it establishes a program of priority themes for future inspections.

The purpose of the CNIL Control Charter is to recall the rights and obligations of the controllers and processors, subjects to the Data Protection Act and the GDPR. The CNIL also provides detailed information about the process and consequences of its investigations, regardless of their modality, as well as the principles of good conduct to be followed in this context.

The press release is available here and the Control Charter here.

Photo by UX Indonesia on Unsplash.