The National Health Data System (the SNDS, i.e. the Systme National des Donnes de Sant) was launched on 10 April 2017. The SNDS is an integrated health database merging together data from several health databases such as, for example, data on healthcare consumption from statutory health insurance or data from long-term care institutions.
The SNDS was created by the 2016 Health Reform Law and several decrees were published to detail the conditions of access to the database. Permanent access is granted to a number of public organisations which require frequent use of health data, including some research bodies. Access for other public and private organisations will still require approval from the CNIL.
The Information Commissioner's Office (ICO) has reported on its involvement with a so-called "Fab-Lab" on the General Data Protection Regulation (GDPR) organised by the Article 29 Working Party (WP29). The Fab-Lab was designed to gather the views of stakeholders to help shape the guidance, which the WP29 and national data protection authorities, such as the ICO, provide on the GDPR. The ICO is lead rapporteur for the WP29's guidance on profiling and data breaches. In relation to profiling, the ICO stressed the need for the guidance to "take into account the varied situations of businesses in different sectors". In relation to data breaches, the ICO highlighted stakeholders' confusion around when organisations are required to report data breaches, what information should be included in a report and the process after a breach is reported as key issues, which the guidance will seek to clarify.