RGPD

I. Introduction

On June 20, 2018, France adopted Law No. 2018-493 on the protection of personal data, in order to implement the General Data Protection Regulation (GDPR). This law revises and consolidates the 1978 Data Protection Act.
The National Commission for Information Technology and Civil Liberties (CNIL), as the national supervisory authority, is responsible for overseeing, guiding, and enforcing the GDPR and its implementing texts in France.
Thus, France has established a personal data protection framework compliant with European Union requirements.

II. Scope of Application

The implementing regulations of the GDPR in France apply to:

any data controller or processor established on French territory;

any organization located outside France offering goods or services to individuals in France, or monitoring their behavior on French territory.

Regardless of where the processing is carried out, as soon as it concerns personal data of individuals located in France, the law applies.
It covers automated processing as well as non-automated processing that forms part of a filing system.
Activities of an exclusively personal or domestic nature do not fall within its scope.

III. Principles of Data Processing

Lawfulness, fairness, and transparency: all processing must be based on a clear legal basis and be conducted transparently.

Purpose limitation: data can only be used for specified and legitimate purposes.

Data minimization: only strictly necessary data should be collected.

Accuracy: data must be accurate and updated regularly.

Storage limitation: data should not be stored longer than strictly necessary, then deleted or anonymized.

Security and confidentiality: appropriate technical and organizational measures must be implemented to prevent any breach, alteration, or loss of data.

IV. Data Subject Rights

In accordance with the GDPR and French law, individuals have the following rights:

Right to information and access;

Right to rectification;

Right to erasure (right to be forgotten);

Right to restriction of processing;

Right to data portability;

Right to object.

For minors under 15 years of age, the processing of their data requires the consent of a parent or legal guardian, and the information must be provided to them in clear and understandable language.

V. Processor Obligations

Processors must:

strictly adhere to the written instructions of the data controller;

implement adequate security measures;

assist the data controller in fulfilling their obligations, particularly in responding to requests from data subjects;

promptly notify the data controller in the event of a data breach, with the data controller then required to inform the CNIL within 72 hours.

Data controllers must maintain a record of processing activities and conduct a Data Protection Impact Assessment (DPIA) in cases of high risk.
Certain organizations must also appoint a Data Protection Officer (DPO) and register with the CNIL.

VI. International Data Transfers

When a transfer to a country outside the EU is contemplated, the data controller must ensure an adequate level of protection. This can be achieved through:

an adequacy decision by the European Commission;

or the signing of Standard Contractual Clauses (SCCs).

Since the invalidation of the "Privacy Shield" on July 16, 2020, French entities must use the new Standard Contractual Clauses adopted on June 4, 2021, or any other legal mechanism.

VII. Enforcement and Control

The CNIL has extensive powers, including:

issuing warnings or formal notices;

limiting or prohibiting certain processing activities;

imposing fines of up to 20 million euros or 4% of global turnover, whichever is higher.

French law also allows individuals to issue directives regarding the use of their data after their death. Failing this, the processing must comply with current regulations.
The French framework for GDPR implementation aims to guarantee individuals' rights, strengthen corporate compliance, and promote trust in the digital environment.

VIII. Contact

Customer Service Number:+33 2 33 45 74 72

Email: info@fondsdetiroir.com

Address:11 rue de la Glacière, 50200 Coutances, France

Opening hours: Monday to Friday, 9:00 AM to 6:00 PM (Central European Time, CET)