RGPD
I. Introduction
On June 20, 2018, France adopted Law No. 2018-493 relating to the protection of personal data, implementing the General Data Protection Regulation (GDPR). This law revises and consolidates the 1978 Data Protection Act.
The National Commission for Information Technology and Liberties (CNIL), as the national supervisory authority, is responsible for overseeing, guiding, and enforcing the GDPR and its implementing regulations in France.
Thus, France has put in place a personal data protection system that complies with European Union requirements.
II. Scope of Application
The regulations implementing the GDPR in France apply to:
any controller or processor established on French territory;
any organization located outside of France offering goods or services to individuals located in France, or monitoring their behavior within French territory.
Regardless of the processing location, as long as it concerns the personal data of individuals located in France, the law applies.
It covers automated processing as well as non-automated processing that forms part of a filing system.
Activities of an exclusively personal or domestic nature are not covered by its scope.
III. Principles of Data Processing
Lawfulness, fairness, and transparency: All processing must be based on a clear legal basis and conducted with full transparency.
Purpose limitation: Data can only be used for specific and legitimate purposes.
Data minimization: Only strictly necessary data should be collected.
Accuracy: Data must be accurate and regularly updated.
Storage limitation: Data should only be retained for the strictly necessary period, then deleted or anonymized.
Security and confidentiality: Appropriate technical and organizational measures must be implemented to prevent any breach, alteration, or loss of data.
IV. Rights of Data Subjects
In accordance with the GDPR and French law, individuals have the following rights:
Right to information and access;
Right to rectification;
Right to erasure (right to be forgotten);
Right to restriction of processing;
Right to data portability;
Right to object.
For minors under 15 years of age, the processing of their data requires the consent of a parent or legal guardian, and information must be provided to them in clear and understandable language.
V. Obligations of Processors
Processors must:
strictly comply with the written instructions of the controller;
implement appropriate security measures;
assist the controller in fulfilling their obligations, particularly in responding to data subjects' requests;
notify the controller without undue delay in the event of a data breach, who must then inform the CNIL within 72 hours.
Controllers must maintain a record of processing activities and conduct a Data Protection Impact Assessment (DPIA) in case of high risk.
Certain organizations must also appoint a Data Protection Officer (DPO) and register with the CNIL (French Data Protection Authority).
VI. International Data Transfers
When a transfer to a non-EU country is contemplated, the controller must ensure an adequate level of protection. This can be achieved through:
an adequacy decision by the European Commission;
or the signing of Standard Contractual Clauses (SCCs).
Since the invalidation of the "Privacy Shield" on July 16, 2020, French companies must use the new Standard Contractual Clauses adopted on June 4, 2021, or any other legal mechanism.
VII. Control and Enforcement
The CNIL has extensive powers, including:
issuing warnings or formal notices;
restricting or prohibiting certain processing operations;
imposing fines of up to 20 million euros or 4% of global turnover, whichever is higher.
French law also allows individuals to give instructions regarding the use of their data after their death. Failing this, processing must comply with applicable regulations.
The French framework for implementing the GDPR aims to guarantee individuals' rights, strengthen corporate compliance, and promote trust in the digital environment.
VIII. Contact
Store Name: Parti prisaussi
Email: info@partiprisaussi.com
Customer Service Number: +33 02 40 89 55 03
Address: 11 Passage Pommeraye, 44000 Nantes, France
Opening Hours: Monday to Friday, 9:00 AM – 6:00 PM (CET)