The French Data Protection Authority (CNIL) has provided a reminder that the forthcoming General Data Protection Regulation (GDPR) will result in a change of approach to the regulation of data use, with a move from a system that relies mostly on formalities to one based on accountability. This concept of accountability translates into:

  • Taking data protection into account by default and when designing a service or product
  • Establishing an organisation, measures and internal tools guaranteeing optimal protection for data subects

The CNIL also provides guides for certain tools such as recording processing activities, Privacy Impact Assessment and data breach notification. The CNIL’s six-step guide to preparing for the GDPR is set out in the link attached.