France: Protection of personal data : France adapts its legislation to the European requirements resulting from the GDPR regulation

In May 2018, the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) will come into force to harmonize these measures between all the countries of the European Union. A bill adapts French law to the new requirements. Employers are concerned because they have files relating to their employees. It includes the implementation of a retrospective control instead of the current reporting regime to the CNIL, while preserving authorization procedures in the most sensitive cases. It also plans to strengthen the investigative and sanctioning power of the CNIL (French National Commission for Information Technology and Freedom), the competent authority in France responsible for ensuring that computers do not infringe on privacy or individual liberties.