France's data protection authority, the Commission Nationale
De L'informatique et Des Libertés (CNIL), released a new
mandatory online notification procedure for French
electronic communications service providers (Providers) to rapidly
report data breaches to CNIL in compliance with new EC Regulation (No.611/2013) (the
Any data breach must be reported to CNIL via a new standardized
online notification form in accordance with Article
2(4) of the Regulation. The notification must include all details
set out in Annex I of the Regulation and be made no later than 24
hours after the detection of the breach. Where full details cannot
be provided, organisations must make an initial notification with
additional information provided no later than 3 days after the date
of the breach. Such additional notification must also be provided
to the individual whose data was adversely affected by the
Individuals need not be notified if the Provider can demonstrate
that it has implemented security measures rendering that data
unintelligible. The CNIL has two months to check the adequacy of
any security measures, which may include encryption or data
hashing/masking. Under existing French Law, Providers must maintain
a registry of data breaches which CNIL is entitled to audit. The
CNIL may issue penalties of up to 300,000 euros and there is the
potential for up to five years imprisonment for failing to comply
with the data breach notification requirement.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
In this article Filippo Noseda examines the impact of the Common Reporting Standards (CRS), based on practical examples of data transfer and data breaches and analysed in the light of general tax law principles.
Four years after the overhaul of European data protection laws began, the final text of the new General Data Protection Regulation (GDPR) was approved in Spring 2016 and the new rules will come into effect on 25 May 2018.
This update is dedicated to covering the latest legislative developments affecting the way data is managed and protected, as well as reporting on the most recent news governing data breaches and industry developments.
The market of the so-called "connected vehicles" has been considerably growing since 2015. According to a recent study by AlixPartners, 78 million of connected vehicles will be commercialized in 2018, generating a EUR40 billion turnover.
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).