Qu’does the CNIL ?
The protection of personal data is at the heart of current concerns. The development of technologies that tend to erase the borders between the public and the private. In France, a specialized institution has been created to protect citizens. It is the CNIL.
What missions does this authority fulfill? ? The answers in this article.
What is the CNIL ?
The liberté is one of the fundamental rights enshrined in the Universal and European Convention on Human Rights. According to these provisions, an individual also has the right to right to have a private life.
However, some computer processing operations go against these rights. These actions can be for example the collection or the safeguard of data in company, through its various subdivisions.
The situation did not fail to make the authorities react. The question is to know by which means to protect the citizens.
From regulations In order to protect the rights of citizens, a number of regulations have been put in place to regulate these operations. A body has also been set up to monitor their observance. It is the CNIL. But what is the CNIL and what is its purpose ?
The CNIL or Commission Nationale de l’Informatique et des Libertés is an organization set up under the Data Protection Act. This one was adopted on January 6, 1978.
Its The role of the company is to guarantee the security of personal data. And this, whatever their nature, whether they are transcribed on paper or conveyed in the form of computer files.
The CNIL has the status of an independent administrative authority (AAI). This means that it has The CNIL is legally a public body. However, it works in full autonomy autonomy, and not under the supervision of the State.
It is formed by 18 members, designated or elected.
What are the 4 missions of the CNIL ?
The CNIL intervenes both with individuals and professionals, playing a role of advisor. It helps the former to preserve their personal data. It also guides professionals so that they align themselves with the regulations in force.
Its missions are divided into 4 main categories.
1/Informing and ensuring the respect of human rights
The CNIL must carry out communication actions with individuals in order to inform them of their rights. It can also organize campaigns of awareness within your company. The aim is to make your employees aware of their obligations in terms of personal data processing.
If an individual notices a violation of his or her rights, he or she can file a complaint with the CNIL.
2/Assisting in the implementation of the European regulation
The CNIL proposes a support within the framework of compliance with the RGPD (General Data Protection Regulation). It also intervenes with state institutions. It provides them with advice in order to develop a regulatory framework favourable to individuals and professionals.
3/Change the existing systems
The CNIL closely follows developments in the professional world, particularly in the digital sector. It then advances proposals to improve the existing regulatory framework.
4/Watch over compliance with the regulation on the protection of personal data
The CNIL monitors the application of the regulations in force concerning the processing of personal data. It has the right to sanction any company that does not respect the principles set out.
What is the CNIL’s power to sanction? ?
The rights of the CNIL in terms of sanctions have evolved over time, particularly since 2004, after a revision of the texts in force. Now, it can go as far as impose a financial penalty to the offending companies.
However, the procedure is carried out according to a well established hierarchy:
- It must first send you a warning ;
- This is followed by a formal notice, which can be shortened to 5 days in emergency situations.
If you correct the errors reported, the procedure will end. If not, the CNIL can prosecute it.
The sanctions The following measures may reach several levels depending on the seriousness of the breaches observed. The body can impose a financial penalty, pronounce an injunction to stop the treatment operations or withdraw the authorization.
It can also ask you tointerrupt the processing or block part of your data. If none of these procedures allows the situation to be resolved, the CNIL has the right to inform the Prime Minister or to refer the matter to the judge for interim relief. The latter can then take appropriate measures to stop the violation identified.
How does the CNIL decide to carry out a control ?
All the prerogatives granted to the CNIL are translated into legal texts. They can help you understand what is the CNIL and what are its missions.
The same texts authorize the institution to proceed with a control when the breaches are raised or after receiving a complaint on your structure. One or more members of the organization may conduct the necessary examinations on site. They can ask you to provide them with information or a copy of the documents that allow them to justify or refute the reported faults.
You only have You do not have the right to object to the CNIL’s control actions. Similarly, it is forbidden to hide information. The manager and his collaborators must make sure to facilitate the procedure.
An opposition, a refusal to cooperate or a false declaration can be sanctioned. The law provides for a penalty of one year imprisonment and a fine of 15 000 euros.