Documentation required by the CNIL: all reporting formalities to be completed with the CNIL before implementing a personal data processing operation. Depending on the case, this may be a declaration or a request for authorization.
WHAT IS THE CNIL
As we can read on its page, the CNIL is the regulator of personal data:
In the digital world, the National Commission of Computing and Freedoms (CNIL) is the regulator of personal data. It supports professionals in their compliance and helps individuals to control their personal data and exercise their rights.
THE CNIL DECLARATION
Since 2006, it has been mandatory to declare any data file subject to personal data processing. Data processing means that if you collect, store (with a database), use, and/or transmit this data to commercial partners, an administrative formality must be completed with the CNIL. In the event of non-compliance, the penalty incurred by the person liable is a fine of up to €300,000 and 5 years’ imprisonment.
EUROPEAN REGULATION ON THE PROTECTION OF PERSONAL DATA
What the GDPR will change for professionals on May 25, 2018:
A unified legal framework for the entire EU
Strengthened rights for individuals
Compliance based on transparency and accountability
Shared and clarified responsibilities
An updated framework for transfers outside the Union
Regulated, graduated and strengthened sanctions
THE 6 OBLIGATIONS OF THE GENERAL DATA PROTECTION REGULATION FOR MAY 2018:
Am I in compliance?
Companies are obliged to implement internal mechanisms and procedures to demonstrate compliance with the rules on data protection.
Manage the obligation to report to the CNIL security breaches that accidentally or unlawfully result in the loss of, alteration of, and unauthorized access to personal data.
It is the obligation to create information systems that process personal data, or allow it to be processed, so that they are compliant from the design stage and thus offer the highest possible level of data protection.
As the CIPF / DPO is responsible for taking all the necessary precautions, it must therefore conduct all studies needed to identify the risks involved in processing personal data before determining the appropriate means to reduce them.
Mandatory appointment of a Data Protection Officer to implement (internally or externally) compliance with the European Data Protection Regulation. It is mandatory in the public service, and in the private sector for entities whose core activities lead them to carry out regular and systematic monitoring of people on a large scale.
DMPS can help you put your compliance in place as quickly as possible…
What are the attributes of a good Data Protection Officer (DPO)?
- Know how to create and manage the processing of collected data.
- Keep the record of processing operations in case of an inspection.
- Ensure that processing operations comply with both the law and the rules of their organization.
- Create and maintain mandatory documents listing internal mechanisms and procedures that demonstrate compliance with data protection rules.
- Know how to create information systems that process personal data, or allow it to be processed, and that are compliant by design, offering the highest possible level of data protection.
- Carry out studies to identify the risks caused by the processing of personal data before determining the appropriate means to reduce them.