Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

France: CNIL releases checklist for data controllers creating health data warehouses

The French data protection authority ('CNIL') released, on 28 September 2022, a checklist for personal data processing activities carried out for the purposes of creating health data warehouses, for data controllers to support compliance with CNIL's referential on the same adopted in October 2021. In particular, CNIL highlighted that any missing sections indicates that the proposed processing of health data, constituting sensitive data, does not comply with its referential and as such the controller must obtain prior authorisation from CNIL. More specifically, the checklist covers, among other things, whether data controllers have completed a Data Protection Impact Assessment ('DPIA'), cross-border data transfers will be involved, contracts with processors have been concluded, data subject rights facilitated, incident prevention and management procedures have been implemented, and training and awareness of any staff has been carried out.

You can read the press release here and the checklist here, both only available in French.

Feedback