Certain authorities have the power to require organizations to transmit documents or information that may include personal data: these are “authorized third parties”.
To help professionals who receive this type of request, the CNIL publishes a practical guide and a collection of the most common procedures.
This practical guide contains the points to check before responding to a request from an authorized third party, in particular:
- obtaining a written request for communication specifying the legal basis for the request;
- verifying the status of the authorized third party making the request;
- verification that the scope of the request complies with the legal provisions invoked (in particular when these set aside or reaffirm the obligation to respect professional secrecy);
- the application of confidentiality measures in order to secure the exchange;
- maintaining traceability of the exchanges and the verifications carried out.
The guide develops each of these points with an operational approach.
Virginie Gastine Menou
RISKS AND YOU