The CNIL has published on its website lists of all registration formalities carried out by data controllers since 1979, which are updated weekly. It was previously only possible to find a limited number of the formalities carried out on Légifrance, mainly those for which processing requires prior authorisation from the CNIL. For any other formality carried out by a data controller, one had to request this information from the CNIL. From now on, this information is publicly available. However, these lists do not contain all the information provided by the controller in the course of his registration or application for authorisation.
This may be an opportunity for some data controllers to verify their state of compliance and whether all required registrations have been carried out. Once the GDPR comes into force in May 2018, most of these formalities will no longer be required and will be replaced by accountability obligations. However, a grace period will be put in place for processing activities for which the formalities have been completed (and which comply with the GDPR), as is the case for those that will require a Data Protection Impact Assessment, possibly followed by a consultation with the CNIL.