On March 12, 2020, the French Data Protection Authority (the “CNIL”) released its annual inspection strategy for 2020. The CNIL carries out approximately 300 inspections every year. These inspections are initiated (1) following complaints lodged with the CNIL; (2) in light of current topics in the news; (3) after the CNIL has adopted corrective measures (e.g., formal notices, sanctions) in order to verify whether the organization in question adopted the measures or remedied the situation; and (4) as part of the CNIL’s annual inspection strategy.
The CNIL announced that about 20% of its inspections for 2020 will focus on the three following topics as part of that strategy:
- Security of Health Data: Recent developments regarding health data (telemedicine, connected objects, data breaches affecting State health-care institutions) demonstrate that attention should be given to the security of health data processing activities.
- Geolocation for Community or Proximity Services (e.g., recommendation of appropriate transport modes based on a defined route, journey optimization, etc.): Inspections will focus on the proportionality of the personal data collected in that context, the retention periods defined by the organization, the information provided to individuals about the data processing and the security measures implemented to protect the data.
Read the CNIL’s annual inspection strategy for 2020 (in French).