#2018-493 Law No. 2018-493 on Personal Data Protection

🇫🇷 France · Other · High Impact

AI-generated summary for informational purposes only. Not legal advice. See the original source for the authoritative text.

Law No. 2018-493 (LOI n° 2018-493) strengthens the legal framework for personal data protection in France, aligning national regulations with the EU's General Data Protection Regulation (GDPR). It enhances the powers of the French Data Protection Authority (CNIL) by empowering it to issue guidelines, enforce compliance, and support organizations in handling personal data responsibly. The amendments also introduce greater accountability for data controllers and processors, enabling them to better manage risks related to data processing.

Key Changes

  • Increased powers for the French Data Protection Authority, including the ability to certify compliance and issue guidelines.
  • Creation of specific regulations for handling sensitive personal data, including biometric and health-related data.
  • Enhanced obligations for data controllers regarding compliance and risk management.

Obligations

What this law requires

[high] CNIL must establish and publish guidelines, recommendations, or standards to facilitate compliance of personal data processing with data protection regulations and to enable controllers and processors to conduct prior risk assessments.
French Data Protection Authority (CNIL) · operational

[high] CNIL must encourage the development of codes of conduct defining obligations for data controllers and processors, taking into account risks to rights and freedoms of individuals, particularly minors, and specific needs of local authorities and SMEs.
French Data Protection Authority (CNIL) · operational

[high] CNIL must establish and publish standard regulations to ensure security of personal data processing systems and govern processing of biometric, genetic, and health data.
French Data Protection Authority (CNIL) · operational

[high] CNIL may prescribe supplementary technical and organizational measures for processing biometric, genetic, and health data, except for processing undertaken by the State exercising its public authority prerogatives.
Data controllers and processors (except State acting in exercise of public powers) · operational

[medium] CNIL must certify persons, products, data systems, or procedures to recognize compliance with GDPR and this law, taking into account specific needs of local authorities, their groupings, and SMEs.
French Data Protection Authority (CNIL) · licensing

Affected Parties

  • Businesses and organizations processing personal data
  • Individuals whose data is being processed

Tags

data protection, GDPR compliance, personal rights