The French Data Protection Authority (CNIL) has issued a new certification (label) on January 13, following the certifications on privacy audits, privacy trainings and digital safe.
It is intended for bodies who want to publicly show that they adopt a compliant attitude toward data protection. The CNIL presents it as a trust indicator toward the public. It is obviously a compliance-enabler. It is expected to be of assistance to comply with the accountability principle set forth in the draft regulation, as showing the developed documentation is essential, such as policies, data-flow mapping, risk analysis and the control and measurements implemented.
The applicant must have an appropriate compliance organization in place. In particular, it must have appointed an official French data protection officer (DPO), called “Correspondant à la protection des Données Personnelles”, the so-called CIL. AFCDP, the IAPP’s French sister association, which represents DPOs in France, has been involved in the elaboration of the document.
It is also necessary to show having processes in place for the management of claims and incidents, including data subjects’ access requests and security breaches.
Interested candidates can apply online or on paper by downloading the corresponding form.