French Data Protection Regulator CNIL offers flexibility on new GDPR rules


French Data Protection Regulator CNIL offers flexibility on new GDPR rules if you act in ‘good faith’ and are ‘cooperative’.

 

The French Data Protection Regulator CNIL – Commission Nationale de l’Informatique et des Libertés recently announced that in the short months post-GDPR (25 May 2018), it may not sanction breaches of new obligations or rights flowing from the GDPR, e.g. the right to data portability and impact assessments. In return the French Regulator requires that the organisations engaged in the compliance process, are of ‘good faith’ and ‘cooperate’ with the CNIL. The CNIL will allow up to three years to complete a DPIA in certain limited circumstances. Check out the original CNIL article link below. Interesting to see whether the Irish Regulator will support any suchlike flexibility!

 

https://www.cnil.fr/fr/rgpd-comment-la-cnil-vous-accompagne-dans-cette-periode-transitoire