Every year, the French supervisory authority (the “CNIL”) publishes its key priorities for upcoming dawn-raids. In 2021, more than 50% of the CNIL’s dawn-raids will focus on: (i) website cybersecurity, (ii) health data protection and (iii) cookies.
1. Website cybersecurity
Website security incidents are among the most common non-compliances identified by the CNIL during its dawn-raids. Data breach notifications also increased by 24% in 2020 and continue to show double-digit growth in the European Union (please see in this respect DLA Piper’s Data breach report 2021).
The CNIL already underlined in 2020 that the cybersecurity of websites was a key issue. The CNIL will therefore continue in 2021 to check the security levels of French websites and, in particular, personal data collection forms, use of the HTTPS protocol, compliance with its recommendations on passwords and strategies implemented to protect against ransomware.
2. Health data security
While health data security was already a key topic for the CNIL in 2020, the current health crisis has further highlighted the challenges coming from the ever-growing digitization of the health sector. The recent health data breach of an online hosting platform, which affected the health data of nearly 500,000 data subjects, has also led the CNIL to increase its dawn-raids in the health sector, focusing in particular on the digitalization of patients’ file management within health establishments or online medical appointment booking platforms.