Skip to content

GDPR

I. Introduction

On June 20, 2018, France adopted Law No. 2018-493 on the protection of personal data, implementing the General Data Protection Regulation (GDPR). This law revises and consolidates the 1978 law on information technology and freedoms.
The Commission Nationale de l'Informatique et des Libertés (CNIL), as the national supervisory authority, is responsible for supervising, guiding and enforcing the GDPR and its implementing texts in France.
Thus, France has set up a system for the protection of personal data in accordance with the requirements of the European Union.

II. Scope

The regulations implementing the GDPR in France apply to:

any data controller or subcontractor established on French territory;

any organization located outside of France offering goods or services to individuals located in France, or monitoring their behavior on French territory.

Regardless of the place of processing, as long as it concerns the personal data of people located in France, the law applies.
It covers both automated and non-automated processing that is part of a file system.
Activities of an exclusively personal or domestic nature are not covered by its scope.

III. Principles of data processing

Lawfulness, fairness and transparency: All processing must be based on a clear legal basis and carried out in full transparency.

Purpose limitation: Data may only be used for specified, explicit and legitimate purposes.

Data minimization: Only strictly necessary data should be collected.

Accuracy: Data must be accurate and updated regularly.

Limitation of retention: data must only be kept for as long as is strictly necessary and then deleted or anonymised.

Security and confidentiality: Appropriate technical and organizational measures must be put in place to prevent any breach, alteration or loss of data.

IV. Rights of data subjects

In accordance with the GDPR and French law, individuals have the following rights:

Right to information and access;

Right to rectification;

Right to erasure (right to be forgotten);

Right to restriction of processing;

Right to data portability;

Right to object.

For minors under the age of 15, the processing of their data requires the consent of a parent or legal guardian, and the information must be provided to them in clear and understandable language.

V. Obligations of subcontractors

Subcontractors must:

strictly comply with the written instructions of the controller;

implement appropriate security measures;

assist the Data Controller in the performance of its obligations, in particular to respond to requests from data subjects;

notify the data controller without delay in the event of a data breach, who must then inform the CNIL within 72 hours.

Controllers must keep a record of processing activities and carry out a Data Protection Impact Assessment (DPIA) if there is a high risk.
Some organizations must also appoint a Data Protection Officer (DPO) and register with the CNIL (French Data Protection Authority).

VI. International Data Transfers

When a transfer to a non-EU country is envisaged, the controller must ensure an adequate level of protection. This can be achieved by:

an adequacy decision by the European Commission;

or the signing of standard contractual clauses (SCCs).

Since the invalidation of the "Privacy Shield" on July 16, 2020, French companies must use the new standard contractual clauses adopted on June 4, 2021 or any other legal mechanism.

VII. Monitoring and enforcement

The CNIL has extensive powers, including:

the drafting of warnings or formal notices;

the restriction or prohibition of certain processing operations;

the imposition of fines of up to €20 million or 4% of worldwide turnover, whichever is greater.

French law also allows individuals to give instructions regarding the use of their data after their death. Otherwise, the processing must comply with the applicable regulations.
The French GDPR implementation framework aims to guarantee the rights of individuals, strengthen corporate compliance and promote trust in the digital environment.

VIII. Contact

Store Name: Recyclerie O Local
Phone: +33 4 88 86 11 78
E-mail: info@recyclerieolocal.com
Address: 45 Rue des 3 Frères Barthélémy, 13006 Marseille, France
Opening Hours: Monday to Saturday, 9:00 AM to 6:00 PM (CET)

Search