Personal Data Law Blog

CNIL Report 2024: What are the priorities?
The CNIL has published its 2024 annual report, a document that goes far beyond a simple activity report. Indeed, the latter highlights serious issues for

Data controllers and processors: what are the differences?
I. Understanding the definitions of GDPR 1. The data controller: definition and role The Data Controller (DC) is defined in Article 4(7) of the GDPR

EDPB 2024 Report: The 10 Key Points and priorities
1. Strategy 2024-2027: Recommendations of the EDPB The EDPB has adopted its strategy for the 2024-2027 period defining its priorities around four pillars. 2. Consent

Information obligations and GDPR: How to ensure effective transparency of data subjects?
GDPR imposes several obligations among which is the use of a legal basis for the collection and use of personal data. In parallel, the obligation

One year of sanctions by the CNIL: assessment and points of attention
In 2024, there was an intensification of sanctions pronounced by the CNIL. In a context where the protection of personal data is becoming an increasingly

CNIL 2025-2028 Action Plan: AI, Cybersecurity and Data Protection
On January 10, 2025, the CNIL published its strategic plan 2025-2028 (Strategic Plan of the CNIL – 2025-2028). It thus defined its strategic priorities for

What is GDPR?
Introduction: The main principles of the GDPR. Today we will discuss the principles of the GDPR. When we talk about GDPR principles, these are

Key points to successfully conduct your GDPR audit
The GDPR audit is a key step in achieving compliance for businesses and all private or public organizations. The CNIL has indeed indicated that mapping

CNIL Sanctions in 2024: Overview and Recommendations
In 2024, the CNIL significantly strengthened its enforcement actions with a record number of sanctions and corrective measures. Misleading prospecting, inadequate security, deficient handling of

Transparency Portals & healthcare professionals: how to use them?
Transparency portals are increasingly becoming an indispensable benchmark for healthcare professionals, given the proliferation of sensitive data processing. How do these tools ensure compliance with

CNIL sanction: A software publisher for medical laboratories fined 1.5 million euros in administrative penalties
On April 21, 2022, the CNIL issued an enforcement decision by which the company DEDALUS BIOLOGIE was fined 1.5 million euros. On February 23, 2021,

Commercial prospecting and hospitality: Sanction of the CNIL against Accor
The CNIL has accused the ACCOR group of the following breaches: Since then, the company has come into compliance with all of these violations. What

Transfer of Personal Data: How to ensure a high level of protection and security?
The question of personal data protection is regularly assessed in light of numerous data transfers, intra-EU or extra-EU. 5 years after the implementation of GDPR,

Data breach: what to do?
What is a data breach? A personal data breach is defined in Article 4.12 of the GDPR as an accidental or unlawful breach of security

Health data: definition and legal framework
What are health data, how are they classified, and what is the legal framework applicable to them? Aumans Avocats, a law firm specializing particularly in

The European Health Data Space (EHDS): What Impact for Healthcare Professionals?
I. Presentation of the EHDS Regulation As part of its digital strategy, the European Union is developing several European data spaces aimed at facilitating data

Decentralized Clinical Trials: Definition, Regulations, and French CNIL Standards
I. Decentralized Clinical Trials 1. Definition A clinical trial (Art. 2.2.2), according to Regulation 536/2014, is a clinical study (Art. 2.2.1), which is an investigation

AI Act: Applications and Consequences
I. A Legislative Framework for Regulating Artificial Intelligence within the European Union Adopted by the European Union, Regulation (EU) 2024/1689, also known as the Artificial

AI Act: High-Risk AI Systems: What Are the Challenges and Obligations?
I. Definition of a High-Risk AI System Regulation (EU) 2024/1689 (AI Act or RIA) classifies AI systems based on the risks they pose. Among these

Sanctions against Clearview, a test for the effectiveness of the GDPR?
What is it about? Clearview AI is an American company (with no establishment in Europe) which provides facial recognition services. Which services have regularly been