The CNIL can carry out checks on all the organizations that process personal data. In order to ensure greater transparency on this activity and to promote the proper conduct of investigations, the CNIL presents a control charter.
Control, an essential mission of the CNIL
The CNIL has several missions and powers, including the possibility of control and of sanction organizations that do not comply with the General Data Protection Regulation (RGPD) or the Data Protection Act. These controls also make it possible to assess emerging issues in terms of data protection and personal privacy.
The checks are particularly supervised. They can be carried out on site, on convocation in its premises, online or on documents. 300 checks were carried out in 2019, including 53 online checks and 45 off-site checks. While complaints and claims are an important source of checks (43 % in 2019), the CNIL can also carry out investigations on its own initiative, for example in response to the news. In addition, each year it establishes a program of priority themes for future inspections.
What is the objective of the control charter?
Because of the particularly high stakes of these controls, it is essential that the organizations concerned understand the progress of these investigations and know how the CNIL can intervene.
The purpose of the CNIL control charter is therefore to recall, as precisely as possible, the rights and obligations of the bodies subject to control, in particular with regard to the Data Protection Act and the GDPR.
The CNIL also specifies the progress and consequences of an inspection, whatever its form, as well as the principles of good conduct to be followed in this context.