Description

With extensive powers in terms of on-site inspections and sanctions, the CNIL increases the number of inspections in companies each year. Each company must now have an effective IT and freedoms compliance culture deployed in a concrete manner. The advent of CNIL labels, mandatory DPO, and the impact of the new European regulation reinforce compliance and performance obligations.

Who is this training for ?

For whom ?

lawyers and legal managers DPO DSI and CISO Compliance managers and risk managers

Prerequisites

Being confronted in your practice with the problems posed by personal data

Training objectives

Identify and bring into compliance processing and files containing personal data

Decipher the concrete doctrine of the CNIL and anticipate the risks of sanctions

Effectively set up an internal or external DPO

Training program

• Decipher the essential concepts and their application by the CNIL
  • Carry out the correct interpretations of the law and implementing texts, and interpret the CNIL's recommendations
  • Measure the impact of changes to the CNIL's approach, take into account takes into account the reports of the Article 29 Group and the prospects of the new European regulations
• Managing the risks linked to CNIL formalities: the register of processing activities
  • Take stock of the old “Exemptions, declarations, authorizations”
  • Compliance documentation: how far to go to certify conformity in the light of the new European regulations and quality labels the CNIL
  • Complete the register of processing activities
• Identify the new compliance obligation or “Accountability”
  • Define this new obligation
  • Identify the deliverables to meet this obligation
• Identify the new obligation to notify security breaches (security by design)
  • Define when and how to implement it
  • Know who to inform and why
  • Delimit the obligation of security and confidentiality with regard to the new CNIL standards and security breaches, what risks in the absence of notification
• Design compliant information systems and processing (privacy by design)
  • Identify the criteria for lawful collection and processing of data
  • Respect the rights of individuals and respond effectively to complaints
  • Measure the strengthening of the liability of subcontractors and co-contracting
• Implement compliance actions linked to the reality of risks

  don’t have a program yet

• Have IT and freedoms audit methods in line with the new CNIL label
  • Case study: inventory and audit using a project approach of known or hidden treatments
• Understand the solutions for legal processing outside the EU depending on the situations encountered
  • Sharing experiences: exchange on different contractual clauses, types of BCR, Safe Harbor
• Deciphering the legal and technical investigative powers of the CNIL and the escalation of sanctions
  • Case study: review of a concrete sanction file processed by the CNIL
• Appoint a DPO
  • Carry out a ratio of advantages/disadvantages before designation
  • Identify and anticipate the scope of intervention of the DPO, its status and its missions
  • Anticipate the key points of a credible action plan