In recent months, the French Data Protection Authority (CNIL) has examined the extent to which Human Resource management systems comply with French data protection laws in some fifty companies. In particular, the inspections revealed the following: (1) insufficient knowledge and information of employees concerning their legal rights; (2) issues relating to international data transfers; (3) the absence of compliant data retention policies; and (4) non-respect of the notification requirements regarding whistleblowing hotlines. The CNIL press release is available (in French) here.  

On November 17, 2008, the CNIL also published a guide advising employers in connection with data protection compliance issues and informing employees of their legal rights regarding issues such as the electronic processing of personal data, video-surveillance systems, cyber surveillance and access controls based on biometric data. The full text of the guide is available (in French) here.