GDPR
I. Introduction
On June 20, 2018, France adopted Law No. 2018-493 on the protection of personal data, in order to implement the General Data Protection Regulation (GDPR). This law revises and consolidates the 1978 Data Protection Act.
The Commission Nationale de l'Informatique et des Libertés (CNIL), as the national supervisory authority, is responsible for supervising, guiding and applying the GDPR and its implementing texts in France.
Thus, France has set up a system for the protection of personal data in accordance with the requirements of the European Union.
II. Scope
The GDPR regulation in France applies to:
any data controller or subcontractor established on French territory;
any organization located outside of France offering goods or services to individuals located in France, or monitoring their behavior on French territory.
Regardless of where the processing is carried out, as long as it concerns the personal data of persons located in France, the law applies.
It covers automated processing as well as non-automated processing that is part of a file system.
Activities of an exclusively personal or domestic nature do not fall within its scope.
III. Data Processing Principles
Lawfulness, fairness and transparency: Any processing must have a clear legal basis and be conducted in a transparent manner.
Purpose Limitation: Data may only be used for specific and legitimate purposes.
Data minimization: Only strictly necessary data should be collected.
Accuracy: Data must be accurate and updated regularly.
Limitation of retention: Data must only be kept for as long as is strictly necessary and then deleted or anonymised.
Security and confidentiality: Appropriate technical and organizational measures must be put in place to prevent any breach, alteration or loss of data.
IV. Rights of data subjects
In accordance with the GDPR and French law, individuals have the following rights:
Right to information and access;
Right to rectification;
Right to erasure (right to be forgotten);
Right to restriction of processing;
Right to data portability;
Right to object.
For minors under the age of 15, the processing of their data requires the consent of a parent or legal guardian, and the information must be provided to them in clear and understandable language.
V. Obligations of subcontractors
Subcontractors must:
strictly comply with the written instructions of the data controller;
implement adequate security measures;
assist the data controller in the exercise of its obligations, in particular to respond to requests from data subjects;
notify the data controller without delay of any data breach, who must inform the CNIL within 72 hours.
Controllers must keep a register of processing activities and carry out a data protection impact assessment (DPIA) in case of high risks.
Some organizations must also appoint a data protection officer (DPO) and a registrar with the CNIL.
VI. International Data Transfers
Where a transfer to a non-EU country is envisaged, the controller must ensure an adequate level of protection. This can be achieved through:
an adequacy decision by the European Commission;
or the signing of the Standard Contractual Clauses (SCC).
Since the invalidation of the "Privacy Shield" on July 16, 2020, French companies must use the new standard contractual clauses adopted on June 4, 2021 or any other legal mechanism.
VII. Monitoring and implementation
The CNIL has extensive powers, including:
write warnings or formal notices;
restrict or prohibit certain processing;
Impose fines of up to €20 million or 4% of global turnover, whichever is greater.
French law also allows individuals to formulate guidelines regarding the use of their data after their death. Otherwise, the processing must comply with the rules in force.
The French GDPR framework aims to guarantee the rights of individuals, strengthen business compliance and promote trust in the digital environment.
VIII. Contact
Store Name: Interieur Et Convertible
Phone: +33 1 46 28 15 18
E-mail: info@interieuretconvertibl.com
Address: 159 Avenue Daumesnil 75012 Paris, France
Opening hours: Monday to Friday, 9:00 a.m. to 6:00 p.m. (Central European Time, CET)