General Data Protection Regulation

Increased responsibility for data controllers

Numerous changes ahead


The reform aims at providing greater clarity and enhancing coherence when it comes to the application of rules, which will boost consumer confidence and enable companies to better take advantage of the opportunities offered by the Digital Single Market. Changes include:

One continent, one law

The new regulation will establish a single set of rules. According to the European Commission, it will thus become easier and less costly for companies to operate across the EU.

Application of European rules on European territory

Foreign companies will need to apply the same set of rules than European ones whenever they offer goods or services on the European market or engage in monitoring of European citizens. This means that big American entities such as Facebook, Google or Apple are directly concerned.

Elimination of notifications/ authorization requests

According to the Commission, companies are spending up to 130 million euros each year on formal reporting obligations. The reform will reduce these costs to a minimum.


The regulation contains a set of measures destined at reinforcing the accountability of companies and public organisations and thus to ensure effective compliance with the new rules.

Data breach notifications

Data controllers will need to report data breaches which pose a significant risk to the rights and freedoms of data subjects to the CNPD within 72 hours of discovery.

Data protection by design and by default

To ensure that data protection provisions stand the test of time, the regulation introduces the principles of data protection by default and by design. This denotes the incorporation of data protection safeguards into the very design of goods and services. It also encourages the use of techniques, such as pseudonymisation or anonymization, which will enable companies and organisations to better exploit the potential of big data while protecting privacy.

Development of the role of the Data Protection Officer

Public organisations and companies that engage in certain forms of data collection or processing (such as regular and systematic monitoring of sensible data or large scale data processing) must appoint a Data Protection Officer designated to ensure compliance with the new regulation. Other data controllers and processors are encouraged to do so as well.

Possibility to receive fines

Data controllers can be fined up to 20 million euros or 4% of the total worldwide annual turnover (whichever is highest) for noncompliance with the new Regulation.

Other resources and presentations

Conférence CNPD/SMC du 11 octobre 2016



Responsables de traitement et sous-traitants: mise en conformité et responsabilités accrues. Héloïse Bock, Avocat à la Cour, Conseiller d'Etat Présentation FR
Défis et mise en place opérationnelle d'une analyse d'impact relative à la protection des données Violaine Langlet, Agence eSanté Présentation FR
Le délégué à la protection des données: évolution du rôle et acquisition de nouvelles compétences Arnaud Constant, APDL Présentation FR

Séances d'informations du 14 au 18 novembre 2016



Tronc commun

Eléments du règlement communs à tous les secteurs d'activités

Mélanie Gagnon, APDL

Vincent Wellens, APDL

Présentation FREN

Contenu spécialisé

Eléments du règlement touchant un secteur d'activités en particulier


14 nov: Banques et professionnels du secteur financier (Max Spielmann, ancien chargé de mission SMC)

15 nov: Sous-traitants informatiques, PSF de support et non PSF (Michael Hofmann, APDL)

16 nov: Domaines de la santé et de la recherche (Claire Leonelli, APDL)

17 nov: Développement: logiciels, web, Apps, etc. (Nicolas Sanitas, InTech et Xavier Lefevre)

18 nov: Startup (Rima Guillen, APDL)


Présentation FREN

Présentation EN

Présentation FREN

Présentation FREN

Solutions technologiques

Qu'en est-il des solutions technologiques pour faciliter la mise en oeuvre du règlement?

Alain Herrmann, CNPD

Sébastien Pineau, LIST

Présentation FREN

Last update