French Data Protection Authority CNIL Announces New Online Notification Procedure For Reporting Data Breaches

Cynthia O’Donoghue and Daniel Kadar write:

France’s data protection authority, the Commission Nationale De L’informatique et Des Libertés (CNIL), released a new mandatory online notification procedure for French electronic communications service providers (Providers) to rapidly report data breaches to CNIL in compliance with new EC Regulation (No.611/2013) (the Regulation).

Any data breach must be reported to CNIL via a new standardized online notification form in accordance with Article 2(4) of the Regulation. The notification must include all details set out in Annex I of the Regulation and be made no later than 24 hours after the detection of the breach. Where full details cannot be provided, organisations must make an initial notification with additional information provided no later than 3 days after the date of the breach. Such additional notification must also be provided to the individual whose data was adversely affected by the breach.

Read more on Mondaq.

About the author: Dissent