Description

With extensive powers in terms of on-site inspections and sanctions, the CNIL increases the number of inspections in companies each year. Each company must now have an effective IT and freedoms compliance culture deployed in a concrete manner. The advent of CNIL labels, mandatory DPO, and the impact of the new European regulation reinforce compliance and performance obligations.

Who is this training for ?

For whom ?

lawyers and legal managers DPO DSI and CISO Compliance managers and risk managers

Prerequisites

Being confronted in your practice with the problems posed by personal data

Training objectives

• Identify and bring into compliance processing and files containing personal data
• Decipher the concrete doctrine of the CNIL and anticipate the risks of sanctions
• Effectively set up an internal or external DPO

Training program

• Decipher the essential concepts and their application by the CNIL
  • Carry out the correct interpretations of the law and implementing texts, and interpret the CNIL's recommendations
  • Measure the impact of changes to the CNIL's approach, take into account takes into account the reports of the Article 29 Group and the prospects of the new European regulations
• Managing the risks linked to CNIL formalities: the register of processing activities
  • Take stock of the old “Exemptions, declarations, authorizations”
  • Compliance documentation: how far to go to certify conformity in the light of the new European regulations and quality labels the CNIL
  • Complete the register of processing activities
• Identify the new compliance obligation or “Accountability”
  • Define this new obligation
  • Identify the deliverables to meet this obligation
• Identify the new obligation to notify security breaches (security by design)
  • Define when and how to implement it
  • Know who to inform and why
  • Delimit the obligation of security and confidentiality with regard to the new CNIL standards and security breaches, what risks in the absence of notification
• Design compliant information systems and processing (privacy by design)
  • Identify the criteria for lawful collection and processing of data
  • Respect the rights of individuals and respond effectively to complaints
  • Measure the strengthening of the liability of subcontractors and co-contracting
• Implement compliance actions linked to the reality of risks

  don’t have a program yet

• Have IT and freedoms audit methods in line with the new CNIL label
  • Case study: inventory and audit using a project approach of known or hidden treatments
• Understand the solutions for legal processing outside the EU depending on the situations encountered
  • Sharing experiences: exchange on different contractual clauses, types of BCR, Safe Harbor
• Deciphering the legal and technical investigative powers of the CNIL and the escalation of sanctions
  • Case study: review of a concrete sanction file processed by the CNIL
• Appoint a DPO
  • Carry out a ratio of advantages/disadvantages before designation
  • Identify and anticipate the scope of intervention of the DPO, its status and its missions
  • Anticipate the key points of a credible action plan