Data protection in France

Data protection in France

Report Author(s): Fran Howarth


The French data protection act was passed in 1978 and is considered to be the inspiration for the EU data protection directive of 1995. Currently, data controllers are responsible for data protection, not data processors, but that will change when the EU data protection regulation comes into force.

The data protection authority, CNIL, has imposed relatively few sanctions to date, although it does like to publicise the sanctions that it imposes. Those sanctions that have been imposed have been relatively low level. However, it has stated recently that it will step up data breach investigations, placing a priority on organisations offering contactless payments, the internet of things for healthcare and on those organisations that have obtained authorisation for their binding corporate rules.


Bloor Research

Bloor is an independent research and analyst house focused on the idea that Evolution is Essential to business success and ultimately survival. For nearly 30 years we have enabled businesses to understand the potential offered by technology and choose the optimal solutions for their needs.

Left Menu Icon