In France, the question of the processing of personal data is mainly governed by the Data Protection Act of 6 January 1978, as amended by the Act of 6 August 2004.
These legislative provisions are mainly based on a system of declaration or authorization of files of personal data.
They also confer certain rights on the persons concerned by these files, such as the right to information, the right to object, the right of access and the right of rectification.
Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data largely modifies the applicable provisions by strengthening the rights of individuals and by creating a security obligation for those responsible for data processing.
This regulation also obliges data controllers to put in place legal documentation to justify compliance with the provisions of the Regulation.
The regulation will be applicable on May 25, 2018. It is accompanied by significant sanctions.
It is already up to companies and organizations to put in place a process that complies with the regulations.
The law firm 23Bosquet advises companies and public bodies in the establishment of legal documentation in conformity with the Regulation.
It may also act as data protection officer.