Each year, the CNIL, the French supervisory authority for data protection, publishes its control programme for the application of the #GDPR rules, i.e. the issues to which it will give priority. This control programme complements other sources of control such as complaints received by the CNIL, reports from other European supervisory authorities, initiatives related to current events, etc.
The control programme for 2021, which was published on the 3rd of March 2021, sets the following priorities:
– Cybersecurity of websites,
– Health data security,
The publication of this control programme is an opportunity for the CNIL to assess the achievements of the previous year.
With regard to the cybersecurity of French websites, the CNIL points out that “website security failures are among the most frequently observed during investigations and can lead to data breaches (2,825 notifications received in 2020, i.e. 24% more than in 2019)”. The CNIL will focus its controls on “personal data collection forms, the use of HTTPS protocol and the compliance of actors with the CNIL recommendation on passwords” but also “the strategies put in place to protect against ransomware”.
With regard to health data, the CNIL notes “the ever-increasing challenges linked to the digitisation of the health sector (management of access to computerised patient records within health establishments, online medical appointment booking platforms, management of personal data breaches in health establishments, etc.)”.
The supervisory authority aims to lead data controllers and processors “to raise the level of security of people’s health data”.
In its communication of the 3rd March 2021, the CNIL also states that it will “continue to cooperate with its European counterparts on cross-border processing” according to the cooperation methods of mutual assistance (= sharing information between European supervisory authorities) and joint operations (= controls in France or in an EU country iwiths officials from the competent supervisory authorities).
Better late than never.