Four months after the GDPR came into effect, the French Data Protection Authority ("CNIL") published a first assessment with some impressive figures:

  • It received more than 600 personal data breach notifications, ?i.e., about 7 notifications each day, involving approximately 15 million individuals.
  • It received 3,767 complaints from individuals. As we commented on this blog, a few "collective" complaints were filed against Google, Amazon, Facebook, LinkedIn and Apple.
  • 24,500 organizations appointed a Data Protection Officer in France.
  • It received more than 100 requests for authorization of processing activities in the health sector, a sector for which we know the GDPR raises a lot of questions.

    The French Authority also announced that it will soon release new regulatory tools such as reference guides on clients/prospects management and human resources and the mandatory set of compliance rules for biometric processing activities.

To view Foley Hoag's Security, Privacy and The Law Blog please click here

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.