#2018-1125Ordinance No. 2018-1125 of December 12, 2018 on Personal Data Protection
AI-generated summary for informational purposes only. Not legal advice. See the original source for the authoritative text.
This French law comprehensively updates data protection rules, aligning them with EU regulations like the GDPR. It strengthens the rights of people to control their personal information and imposes obligations on organizations that use such data, emphasizing security and lawful processing. Businesses operating in France or targeting French residents need to review their data policies to ensure compliance.
AI-generated summary. May contain errors. Refer to official sources for legal decisions.
Key Changes
- Aligns French data protection law with EU regulations like GDPR.
- Strengthens individual rights to control personal data.
- Imposes obligations on data processors for lawful and secure data handling.
Obligations
What this law requires
Personal data must be processed lawfully, fairly, and transparently in accordance with Title II requirements
Collect personal data only for determined, explicit, and legitimate purposes; do not process data subsequently in a manner incompatible with original collection purposes
Ensure personal data is adequate, relevant, and limited to what is necessary for stated purposes; avoid excessive data collection
Maintain accurate and up-to-date personal data; take reasonable measures to delete or correct inaccurate data without undue delay
Retain personal data only for the duration necessary to fulfill stated purposes; do not retain identifying data beyond necessary timeframes except for archival, scientific research, historical, or statistical purposes