FR CNIL Transitioning to GDPR

On Feb. 23, FR CNIL updated on new processes for data protection.

  • Cited imminent entry into force of the European Data Protection Regulation (GDPR).
  • Implement new compliance tool, certification, and gradually ending labeling activity.


  • European Regulation and draft law currently under discussion invite data protection authorities to develop protection certification mechanisms to assist data controllers.
  • Certifications will be issued by certifying bodies approved by the CNIL or (COFRAC).
  • CNIL will also be responsible for drafting or approving certification standards, that will then be used by certifiers, as well as, if applicable, the accreditation standards.
  • Given this European orientation, and in order to focus efforts and resources on the implementation of this new system, the CNIL will gradually cease labeling activity.

End Current Labels

  • To no longer issue new label after May 25, those issued prior remain valid to expiry.
  • Will no longer be able to process applications for labeling received as of March 30.