Are you in compliance?

Don't miss out! Sign up today for our weekly newsletters and stay abreast of important GRC-related information and news.

Get updates on Compliance Week offerings, including new features, databases, research, and other resources, along with announcements of upcoming Webcasts, conferences, seminars, CPE/CLE opportunities and more.

Published every Thursday, Compliance Week Europe offers a condensed summary of risk, audit, and compliance news either originating in Europe, or of special interest to European compliance professionals. This newsletter will follow developments by the European Commission, as well as those of national governments across the region, or any U.S.-based news that might have consequence across the Atlantic. Frequency: weekly; Thursday a.m.

A fresh edition of Compliance Week delivered via e-mail and online every Tuesday morning, relentlessly focused on the disclosure, reporting and compliance requirements of our 25,000+ paying subscribers.

Published every Friday, Compliance Weekend was launched at the behest of subscribers, and offers a quick Plain English review of the week's key developments. We hope you enjoy this supplement to Compliance Week's Tuesday edition.

French Data Protection Authority Increases Compliance Inspections of U.S. Companies

Arielle Bikard | May 17, 2011

The French Data Protection Authority, La Commission Nationale de l'Informatique et des Libertés will do more inspections of companies and organizations in order to ensure that the transfer of data internationally complies with French and European Union data privacy regulations—and specifically of U.S. companies enrolled in the U.S.-E.U. Safe Harbor Program.

“CNIL wants to ensure that U.S. companies that have joined Safe Harbor respect the principles of data protection for data transfers from the European Union,” said the independent administrative authority in a statement (in French) from April 26.

CNIL hopes to complete at least 400 inspections this year, a third more than it attempted in 2010, according to the document. Aimed at protecting the privacy rights of French nationals, these checks will focus on telemedicine, storage of health data, consulting firms' use of data from the Program of Medicalization of Information Systems, records that include personal data and that are used for monitoring the health of the population, as well as treatments given in the context of medical research. CNIL is also expanding its level of oversight over corporate video surveillance this year.

“This announcement is the most recent reflection of a European commitment to promote data privacy,” according to a notice published by the law firm Gibson Dunn on May 11. “France in particular has sought to limit the transfer of private information.” 

CNIL has “the legal authority to impose a wide range of sanctions for violations of French data privacy laws, including warnings, legal injunctions, or financial sanctions,” according to the firm's document. Companies and individuals should therefore “exercise caution” when transferring data in and out of France and other European countries.