The French legislator has made relatively extensive use of the opening clauses of the GDPR to create separate regulations for data protection in France. In the following, you will find the additions and derogations to the GDPR on the most important topics of data protection that companies need to know. If topics are not linked, there are no derogating provisions in the national data protection law.
In the following, you will find the additions and derogations to the GDPR on the most important topics of personal data protection for companies. If topics are not linked, there are no derogating or specifying provisions in the national data-protection law.
- Specific data protection law and official guidelines
- Material and territorial scope (no regulations deviating from the GDPR)
- Definitions
- Legal principles (no regulations deviating from the GDPR)
- Legal basis
- Sensitive data
- Information requirements
- E-marketing (new regulation by ePrivacy Regulation remains to be seen)
- Cookies
- Automated decision-making
- Rights of data subjects
- Processing on behalf of a controller (no regulations deviating from the GDPR)
- Records of processing activities (no regulations deviating from the GDPR)
- Data security
- Data breaches
- Data protection impact assessment (DPIA)
- Data protection officer (no regulations deviating from the GDPR)
- Certification
- Data transfer (no regulations deviating from the GDPR)
- Supervisory authorities
- Sanctions and penalties (no regulations deviating from the GDPR)
- Data protection for employees (no regulations deviating from the GDPR)
- Archiving, scientific and historical research
