The National Commission for Informatics and Freedoms (CNIL) recently announced its plan of action for 2019. As in previous years, the CNIL action will be based on two axes: the monitoring of professionals in the implementation of the RGPD and the control of the fulfillment of their obligations . As for the last point, the Life Processor deprives the French citizens that it will place special emphasis on respect for rights, the processing of data for minors and the distribution of responsibilities between the controller and the subcontractors.
By 2018, almost 73% of the complaints received by the CNIL related to non-compliance with a fundamental right, be the existing rights in the Data Protection Law and the new obligations arising from the RGPD, such as the right to portability. data. In order to contain this phenomenon, the French citizen's private life policeman guaranteed that it would be the case of the observation of deficiencies, while at the same time judging the choice of corrective measures (closing with observations reminding the organization of its obligations, penalty of fine). , formal notification, monetary penalty). He will take action on a case-by-case basis to determine the most appropriate consequences.
In this sense, the regulatory body ensures that, in terms of control and repressive policy, 2019 marks the end of the transition phase between old and new legislation, which the CNIL had announced in early 2018. Until now, abstaining from sanctioning non-compliance with the RGPD's news obligations, and by focusing its repressive action on the obligations that follow the law of January 6, 1978, CNIL wanted to allow controllers to understand and progressively assimilate the RGPD requirements adopted in 2016.
In addition to the particular concern that the current problem of child data treatment considers to be a vulnerable public, CNIL will also insist on the distribution of responsibilities between controllers and subcontractors, knowing that the RGPD imposes new restrictions on subscribers. contractors, whose obligations are directly responsible.
The professionals and companies targeted by the RGPD are therefore warned: the CNIL will be more rigorous when it is necessary to verify that new obligations and new rights of the European framework (impact analysis, maintenance of a register of treatments and violations) are really respected. .
Is that you
What do you think?
Do you consider CNIL's efforts sufficient in 2019 to effectively protect people's rights?
What are your expectations for 2019 in relation to this institution?
La Cnil condemns Bouygues a fine of 250,000 euros for a security breach that affected data from more than two million customers
CNIL inflicts a record fine of 50 million euros on Google, the first penalty of a US glove under the RGPD
CNIL 2018 Report: RGPD raises the number of annual complaints by 32.5%, which represents more than 11 thousand complaints