
French DPA Publish Accountability Standards

27 January 2015

In anticipation of the EU General Data Protection Regulation and the principle of accountability, the French Data Protection Authority (CNIL) has published guidance on its accountability standard, which indicates that data controllers need:

  • Implementation of a formal internal Data Protection Policy
  • The appointment of a Data Protection Officer (DPO)
  • Regular compliance assessment
  • Breach notifications within 72 hours of discovery of a data breach

Of interest is the fact that the CNIL accountability standards indicate that the DPO is required to keep a compliance manual that includes:

  • The name and address of the DPO
  • The duties of the DPO in respect of data processing
  • The description of processing activities
  • Categories of personal data to be processed
  • Data retention periods
  • Information Security Standards
  • Information on data flows and where data is to be transferred
  • Existence of sub-processors
  • Specific risks associated with categories of data (particularly sensitive data) and
  • Use of cookies by the data controller

The CNIL accountability standards are therefore a good indication of the future duties and roles of the DPO.

This article was written by Robert Bond.

For more information contact Robert on +44 (0)20 7427 6660 or robert.bond@crsblaw.com