The French Data Protection Authority (CNIL) has published its Deliberation No. 2011-023, which IT Law Group reports should make reporting requirements less odious for companies that have no operations in France but use subcontractors or cloud providers there to process data. The French Data Protection Law requires companies to file with CNIL and, in some cases, obtain authorization in advance. Under the new declaration, payroll processing, workforce management and the management of databases of clients and prospects for personal data collected outside of France will be exempt from the requirement for data that is returned to the data controller, or other specified recipient, "for the benefit of the data subject," the report states.
If you want to comment on this post, you need to login.