The CNIL blows the whistle for the end of the transition period. For the first time, the CNIL’s 2019 investigation program is not specific to an industry and potentially impacts controllers and processors throughout all sectors of business. Going forward, the CNIL will also be more thorough and less lenient.
CNIL’s yearly investigation programs account for approximately one quarter of its investigations. This year’s program will focus on three major areas:
- The complaints it receives (either collective or individual). These complaints, or the exercise of data subjects rights, represented about 73.8 % of all complaints received in 2018.
- The sharing of responsibilities between processors and subcontractors, which is a cross-sector topic.
- The data of children (including what data is collected, i.e., photos, biometric data and CCTV in schools, as well as parental consent for children under 15).
As in previous years, the CNIL will also:
- Investigate complaints and the reports sent to the CNIL.
- Follow up on past procedures.
- Gather information from various news sources.
Finally, the CNIL will continue the cooperation initiated in 2018 with its other national Supervisory authorities, such as joint control operations.