Data protection law is undergoing vigorous development:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, entered into force on 25 May 2016 and is applicable to the whole continent as of 25 May 2018;
- The update (in two instalments!) of the “IT and Civil Liberties/Informatique et Libertés” Law with Ordinance No. 2018-1125 of 12 December 2018 passed in application of Article 32 of Law No. 2018-493 of 20 June 2018 relating to personal data protection, amending Law No. 78-17 of 6 January 1978 relating to IT, data files and civil liberties, and miscellaneous provisions on personal data protection.
- Business Intelligence, Big Data, digitisation, cross-channel, artificial intelligence, etc. are all technologies that use personal data as a raw material.
Compliance projects have proliferated, first in the large groups that became aware of the implications for them of implementing the Regulation (in a surprisingly short time), and currently in entities of all sizes (companies, associations).
It is therefore the right time to conduct compliance audits, implement compliance measures,appoint DPOs, review and renegotiate contracts, reflect on the data to be collected and processed, bring certain situations into compliance, such as the transfer of data outside the EU, etc.
Moreover, in addition to its on-site inspections, the CNIL is increasing online inspections, which enable it to check, particularly, compliance with the regulations on cookies.