This site would like to set some non-essential temporary cookies. Some cookies we use are essential to make our site work.
Others such as Google Analytics help us to improve the site or provide additional but non-essential features to you.
No behavioural or tracking cookies are used.
To change your consent settings, read about the cookies we set and your privacy, please see our Privacy Policy

Data Protection Leader
Back to Contents

Volume: 15 Issue: 2
(February 2018)

gdpr eu data reform enforcement


France: CNIL publishes approach to GDPR enforcement

The French data protection authority (‘CNIL’) published, on 19 February 2018, a press release outlining its approach in terms of enforcing compliance with the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) from 25 May 2018. In particular, CNIL stated that for the first few months it will make a distinction between fundamental principles and new obligations or rights. While with respect to the former, strict compliance checks will continue to be upheld, the controls in relation to the implementation of new obligations or rights will be carried out with a view to providing organisations with a good understanding of the operational implementation of the GDPR. Provided that an organisation acts in good faith, engages in the compliance process and cooperates, CNIL outlined that it is unlikely that such controls will lead to sanctioning procedures in the first months of the GDPR’s application.

Cécile Martin, International Counsel at Proskauer Rose LLP, highlighted, “CNIL has taken a very pragmatic approach to the implementation of the GDPR. I am not surprised [as CNIL has] always taken a very pedagogic attitude in order to encourage companies to comply with data protection law and accompany them along the compliance process, rather than sanctioning them. CNIL understands that companies are doing their best to achieve compliance with the GDPR and has acknowledged that certain aspects of the regulation either imply a requirement for specific technical measures, which will take time and coordination, or involve further documentation from CNIL, particularly in relation to Data Protection Impact Assessments.”

Search Publication Archives

Our publication archives contain all of our articles, dating back to 2004.
Can’t find what you are looking for?
Try an Advanced Search

Log in to data protection leader
Subscribe to data protection leader
Register for a Free Trial to data protection leader
E-Law Alerts
data protection leader Pricing

Social Media

Follow data protection leader on TwitterView data protection leader LinkedIn Profiledata protection leader RSS Feed