The number of GDPR inspections conducted by the CNIL is on the rise. Recap of the different types of inspection.
After giving companies and organisations an adjustment period following the entry into force of the EU General Data Protection Regulation (GDPR) on 25 May 2018, the CNIL intends to step up its inspections and sanctions in the coming months. The objective? Incite businesses to upgrade their systems in order to be compliant more quickly.
The GDPR applies to large groups, SMEs, start-ups, associations and professions, whatever their level of development or whoever processes their personal data, i.e. who collects, stores and uses it.
The CNIL is the supervisory authority in France for the GDPR. Each year, it defines an annual inspection programme. In 2019, the priorities were to respect the rights of individuals, allocate responsibilities between sub-contractors and contractors and process the data of under-18s. The CNIL can also decide to carry out an inspection following a complaint or a report on a particular company.
Inspections can entail various types of measure depending on the infringement. When an insignificant breach is recorded by the CNIL, it can send comments to the business manager by post. On the other hand, when the breach is more significant, the CNIL sends a formal notification to the company asking it can make corrections or applying sanctions.
They can consist of the following, including but not limited to:
To help you comply, CTN France provides assistance and places real specialists at your disposal.
Leave us a message and we will get back to you as soon as possible.