CNIL – Privacy Design®

Quite a few interesting data sets published by CNIL as Opendata, incl. e.g.

Contact information for Data Protection Authorities around the world
Number of formal notices notified each year since 2014
Number and type of sanctions notified each year since 2014
Lists of declarative formalities completed with the CNIL (1979 – May 24, 2018)
List of notifications of personal data breaches received by the CNIL
List of formalities prior to the implementation of personal data processing sent to the CNIL since May 25, 2018
Number of complaints received annually by the CNIL since 1981
etc.

November 28, 2019November 28, 2019

France/CNIL: Health Data Processing: How to distinguish between a health datapool and research and what are the consequences?

When the creation of a database containing health data is envisaged, the controller must determine whether it will allow the subsequent completion of several treatments (“warehouse”) or if it is a research, study or ad hoc evaluation. Depending on this choice, the legal regime and the formalities to be performed are different.

https://www.cnil.fr/fr/traitements-de-donnees-de-sante-comment-faire-la-distinction-entre-un-entrepot-et-une-recherche-et

November 1, 2019

CNIL/France: Pior authorization for healthdata, pharmacovigilance and CNIL standards

Article by TwoBirds ” The CNIL published on 18 July 2019 a new standard concerning the processing of personal data for the purpose of vigilance in the health sector. ”
https://www.twobirds.com/en/news/articles/2019/global/new-cnil-standard-for-all-companies-doing-product-vigilance-activities

Quote: ” The standard is of great importance since according to the French Data Protection Act such processing activities are submitted to the CNIL’s prior authorization. The scope of the French prior authorization requirement is extraterritorial, and any organization worldwide doing product vigilance on individuals residing in France must obtain an authorization in order to be allowed to carry on their activities. But if their activities comply with the CNIL’s new standard, then they can now file a declaration of compliance with the CNIL, instead of filing a full request for authorization. “

Link to inofficial translation by TwoBirds at https://www.twobirds.com/~/media/pdfs/france/new-french-cnil-standard.pdf?la=en&hash=8AE9FA58104BDE6D234289328ACB6BBCE25DCBD2

—

TwoBird article on overall background at https://www.twobirds.com/en/news/articles/2019/france/processing-health-data-in-france-what-to-look-out-for-after-gdpr – incl. need for prior authorization and CNIL reference methods

February 25, 2018

CNIL – Subject Access Request eMail generator

https://www.cnil.fr/fr/modeles/courrier

February 25, 2018February 25, 2018

CNIL – Data Protection Audit Procedure

Decision No. 2011-316 dated 6 October 2011 adopting a standard for delivering privacy seals in audit procedures covering the protection of persons with regard to the processing of personal data

(which could be read as a good way to deliver a privacy audit – or to expect one being done on you following this procedure)

https://www.cnil.fr/sites/default/files/atoms/files/referentiel_audit_en.pdf

February 25, 2018

[Bird&Bird] Hosting health data: the French requirements

Hosting health data: the French requirements
Going through the accreditation procedure

https://www.twobirds.com/~/media/pdfs/brochures/privacy-and-data-protection/hosting-health-data—the-french-requirements.pdf

Tag: CNIL

CNIL Open Data initiative

France/CNIL: Health Data Processing: How to distinguish between a health datapool and research and what are the consequences?

CNIL/France: Pior authorization for healthdata, pharmacovigilance and CNIL standards

CNIL – Subject Access Request eMail generator

CNIL – Data Protection Audit Procedure

[Bird&Bird] Hosting health data: the French requirements