By Florence Chafiol-Chaumont from August &
The CNIL very recently announced on its website that it has
performed investigations into approximately fifty companies in
order to check if they respect their obligations in terms of the
protection of their employees' personal data. These
verifications led the CNIL to identify two issues: "the
implementation conditions of professional alerts systems and the
transfer of data to countries that do not belong to the European
Community." In these respects, it was found that the subject
companies do not comply with the Act of January 6, 1978, on the
processing of personal data.
The transfer of personal data to a country that does not belong
to the European Union (except for a few countries) is subject to a
particular formalism so as to ensure an equivalent level of
protection to that existing inside the Union. Furthermore, the
person whose personal data is transferred abroad must benefit from
very precise information, the precise content of which has been
defined in a decree dated March 5, 2007.
In the same way, the implementation of a professional alert must
comply with the requirements defined by the CNIL regarding this
matter. If the professional alert system complies perfectly with
the requirements defined in the unique decision of the CNIL dated
December 5, 2005, such a system can be implemented after sending to
the CNIL a commitment to conform to this decision. However, if the
considered system does not satisfy the requirements defined by the
CNIL, its implementation shall be subject to the CNIL's
authorization. As far as we know, up to date, no derogatory
professional alert system has ever been authorized.
These issues having been subject to an increased watchfulness
from the CNIL, it is strongly recommended that companies comply
with these rules before the CNIL starts to sanction offenders:
financial and criminal sanctions are at stake!
*August & Debouzy, Nabarro and GSK Stockman &
Kollegen have announced the entry of two new law firms into their
international alliance. Italian firm Nunziante Magrone and Spanish
firm Rodés & Sala have joined the network, which has
covered England, France and Germany up until now. This alliance was
set up by the English firm Nabarro and now counts over 800 lawyers
based in the five countries.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
In this article Filippo Noseda examines the impact of the Common Reporting Standards (CRS), based on practical examples of data transfer and data breaches and analysed in the light of general tax law principles.
Four years after the overhaul of European data protection laws began, the final text of the new General Data Protection Regulation (GDPR) was approved in Spring 2016 and the new rules will come into effect on 25 May 2018.
This update is dedicated to covering the latest legislative developments affecting the way data is managed and protected, as well as reporting on the most recent news governing data breaches and industry developments.
The market of the so-called "connected vehicles" has been considerably growing since 2015. According to a recent study by AlixPartners, 78 million of connected vehicles will be commercialized in 2018, generating a EUR40 billion turnover.
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).