fr en

Chabert & Associés - Avocats
Lyon - Paris

Personal Data

IT and personnal data protection / GRDP

The Data Protection legislation is at the heart of the legal issues dealt with by the Chabert & Associés law firm, in particular in the fields of computer law, of Internet, and also of Health law and biotechnologies.

Given the growing importance of personal data and to best meet the needs of its clients, whether private or public, the law firm has created an expertise pole about these issues.

The new General Regulation on Data Protection (GRDP) was adopted on April 8th, 2016 (coming into effect on May 25th, 2018), harmonising in Europe personal data (PD) protection law.

This text being a European Regulation, it is directly applicable in France, with no need for transposition into the domestic law. It aims to taking into consideration recent developments concerning PD processing.

Every organization, as a data controller, must, within de date provided for the coming into effect of the GRDP, comply with its provisions.

In case of an inspection by the CNIL (the French Data Protection Authority), organizations must be able to prove that they comply with the new provisions. The European Union wished to have an effective regulation tool, so the sanctions applying in case of violation of the GRDP provisions obey to dissuasion rationale.

Depending of the violations reproached to the data controller, sanctions imposed to organizations can reach 4% of the organization’s annual world-wide turnover of the previous year.

If the organization is a part of a group, the risk exists that the administrative fine takes into consideration not only the controlled affiliated company’s turnover, but also the whole group’s turnover.

The GRDP brings significant changes in the field of PD processing. Even if the principles stemming from the French Law of January 6th, 1978 (“Information technologies and liberties”) are still effective, the philosophy changes radically: the formalities to be fulfilled with the CNIL disappear, save for same exceptions, and the data controllers’ liabilities is, in return, reinforced.

Legislator adopts, in fact, an ex post control system, instead of the previous ex ante system. In other words, only principles are formulated, data controllers being responsible of the conformity of their organizations to GRDP provisions, in order to ensure every European citizen’s right to the protection of his/her PD.

With the coming into effect of the GRPD, individuals from whom personal data are collected are holders of reinforced rights, and in case of inspection, the organization must prove that, from the PD processing design, the eventual impact of such processing on data subjects was considered and, by default, taken into consideration. The organization must also justify its choices each time that it diverges from an applying requirement applying (keeping of a register, impact assessment, appointment of a DPO (Data protection officer) …).

This new philosophy requires the implementation of internal procedures, as well as the formalization of a significant documentation allowing the inspected organization to justify its choices.

CHABERT & Associés Law Firm supports organizations in the framework of the implementation of such compliance, through different steps.

This center aims to support its customers on the items below:
 
  • Auditing the data processing within the company but also contracts from the perspective of personnal data protection.
  • Formalities to be made to the CNIL. (Declaration, authorization ...)
  • Drafting specific tools. (Charter of IT system, ethical charter, white book, information memos, rules for legal websites ...)
  • Support customers in the framework of the introduction of new technologies. (Biometrics, geolocation, video ...)
  • Determining the rules for protection of personnal data within the company.
  • Establishment of a Correspondent for personal data protection (CIL)
  • Training about personal data protection including the cyber surveillance of employees.
  • Health data processing subject to specific requirements.
  • GRDP

 
IMPORTANT COOKIES INFORMATION
We use technical cookies to ensure the proper functioning of the site, we also use cookies subject to your consent to collect statistics visit.
Click below on & laquo; ACCEPT & raquo; to accept the deposit of all cookies or on & laquo; CONFIGURE & raquo; to choose which cookies require your consent will be registered (statistical cookies), before continuing your visit to the site. Show more
 
ACCEPT CONFIGURE REFUSE
Cookie management

Cookies are text files stored by your browser and used for statistical purposes or for the operation of certain identification modules for example.
These files are not dangerous for your device and are not used to collect personal data.
This site uses cookies of identification, authentication or load-balancing not requiring prior consent, and audience measurement cookies requiring your prior consent in application of the texts governing the protection of personal data.
You can configure the setting up of these cookies by using the settings below.
We inform you that if you refuse these cookies certain functionalities of the site can become unavailable.
Google Analytics is a tool for measuring audience.
The cookies deposited by this service are used to collect statistics of anonymous visits in order to measure, for example, the number of visitors and page views.
This data are used to follow the popularity of the site, to detect possible navigation problems, to improve its ergonomics and the user experience.