French Data Protection Authority Takes Stock After 4 Months of GDPR

by Foley Hoag LLP - Security, Privacy and the Law

Foley Hoag LLP - Privacy & Data Security

Four months after the GDPR came into effect, the French Data Protection Authority (“CNIL“) published a first assessment with some impressive figures:

It received more than 600 personal data breach notifications, ‎i.e., about 7 notifications each day, involving approximately 15 million individuals.
It received 3,767 complaints from individuals. As we commented on this blog, a few “collective” complaints were filed against Google, Amazon, Facebook, LinkedIn and Apple.
24,500 organizations appointed a Data Protection Officer in France.
It received more than 100 requests for authorization of processing activities in the health sector, a sector for which we know the GDPR raises a lot of questions.
The French Authority also announced that it will soon release new regulatory tools such as reference guides on clients/prospects management and human resources and the mandatory set of compliance rules for biometric processing activities.