Support Centre

You have out of 10 free articles left for the week

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

France: CNIL adopts three standards for the health sector and publishes guide on data retention

The French data protection authority ('CNIL') adopted, on 28 July 2020, three referentials for the health sector ('the Standards'). In particular, the Standards include a non-binding standard on the processing of personal data by medical and paramedical clinics, which replaces the simplified norm NS-50 for medical professionals and paramedicals working on an independent basis. Furthermore, the Standards include two standards on data retention periods, the first on retention periods for processing activities in the health sector outside of the research domain and the second on data retention periods for processing activities for the purposes of research, study, and analysis in the health sector.

In addition, CNIL published a practical guide ('the Guide') on data retention periods in general which offers guidance on, among other things, the principle of data minimisation, defining retention periods, and the retention period standards.

You can read the press release here, the standard on processing by medical and paramedical clinics here, the standard on data retention periods in the health sector here, the standard on data retention periods for research purposes here, and the Guide here, all only available in French.