France's data protection authority, the Commission nationale de l'informatique et des libertés, released guidance on handling data transfer requests from authorized third parties. Before responding to an authorized third party, the CNIL advises organizations to obtain a written communication detailing the legal basis for the inquiry and verify the scope of the request meets all necessary legal provisions. The CNIL also published six best practices for data controllers handling personal information. (Original articles are in French.)
If you want to comment on this post, you need to login.