Data protection in France compared to the GDPR

General overview

The French legislator has extensively utilized the so-called “opening clauses” of the GDPR to create separate data protection provisions in France. There are some additions and deviations from the GDPR on key data protection topics that companies should be aware of.

GDPR opening clauses

France has established specific regulations for data processing in labour law, data processing for scientific or historical research purposes, and data processing in healthcare.

Key differences and national specifics

Specific data protection laws and official guidelines

France has specific data protection laws and official guidelines. These provide detailed information and guidance for compliance with data protection regulations in France.

Legal basis and sensitive data

In France, there are specific regulations regarding the legal basis for data processing as well as the processing of sensitive data. Companies must ensure that they inform data subjects adequately about the processing of their data.

E-Marketing, cookies, and automated decision-making

France has regulations concerning e-marketing and the handling of cookies. It is important to note that a new regulation through the ePrivacy Regulation is still pending. Additionally, there are regulations related to automated decision-making.

Data subject rights and Data Protection Impact Assessments (DPIAs)

Data subject rights in France are extensively regulated. Companies should ensure that they respect these rights. Furthermore, companies in France should conduct DPIAs in accordance with French regulations.

Conclusion

France has adopted many of the GDPR guidelines but has also introduced some national peculiarities. Companies operating in France or conducting business with French citizens should ensure that they fully understand and comply with both the GDPR and French data protection laws.