CNIL Guidelines

CNIL Compliance

Time Remaining

What is the CNIL?

The Commission nationale de l’informatique et des libertés (CNIL) is an independent French administrative regulatory body, focused on ensuring the data privacy law is applied to the collection, storage and use of personal data.

The CNIL has the general mission of informing individuals of their rights accorded to them by the French Data Protection Act and responds to requests made by individuals and companies alike.

On October 1, 2020, the French data protection authority (CNIL) announced that it had adopted its amended guidelines and final recommendations on cookies. Enforcement will begin in April 2021.

How to follow the CNIL Guidelines
  • Include all required information on the cookie banner and in the preference center to ensure data subjects are fully informed
  • Collect valid consent from the data subject to use trackers (freely given, specific, informed and unequivocal consent provided by a declaration or a clear positive act)
  • Demonstrate records of consent and audit trails
  • Adapt your consent approach using different models for each cookie category
  • Automate the intake and fulfillment of data subject requests

Who Does the CNIL Affect?

The revised French cookies rules only apply to the processing of cookies of an establishment in France, regardless of whether the actual processing takes place in France.

Rights Under the CNIL

CookiePro DSAR Web Form Editor CCPA Data Subject
Right of Access

With the Right of Access, users are able to ask the data controller directly what information they posses, and request that they disclose all of this data to the user.

How CookiePro Helps

Intake and fulfill data subject requests for personal information access requests:

  • Build a GDPR-specific request intake web form linked directly from your company’s website
  • Centralize all subject access requests into a single queue
  • Define an automated triage workflow for fulfilling requests
CookiePro DSAR Response Templates
Right to Data Portability

Users may retrieve a portion of their data in a format that is machine-readable. Users are then free to store such portable data elsewhere, or to transfer them from one service to another.

How CookiePro Helps

Provide individuals with an intake form to submit their requests, then easily find the data and fulfill the request.

  • Build a secure, robust consumer portal to intake requests in a way that matches your brand and business
  • Integrate with third-party service management tools like ServiceNow or BMC Remedy to identify, track, and fulfill requests sent to IT teams
  • Validate the user identity and use it to locate and retrieve consumer data and respond to requests quicker
CookiePro DSAR Web Form Editor CCPA Data Subject
The Right to Rectification

Users are able to request the rectification of incorrect details about their information. The right to request rectification complements the right of access.

How CookiePro Helps

Build and configure web forms to capture subject rectification requests and launch automated workflows integrated with your existing systems to update that information.

  • Build a GDPR-specific request intake web form linked directly from your company’s website
  • Centralize all subject access requests into a single queue
  • Define the end-to-end subject request process from assignment to review and approval
  • Define an automated workflow that updates the information in your integrated third-party systems
  • Set deadlines for fulfilling requests within one calendar month
CookiePro DSAR Dashboard
The Right to Object

Users may object to data fulfillment on legitimate grounds. Users are also able to object to the distribution, transmission and storage of data.

How CookiePro Helps

Use CookiePro to inform and allow visitors to object to the processing of their personal information when they visit your website.

  • Provide visitors with a customizable preference center where they can opt-out of the processing of their personal information
  • Provide visitors with a subject access request form to request for their data to no longer be processed
  • Validate the individual’s identity and use it to locate and retrieve consumer data, restrict processing, and respond to the subject request in a timely manner.

Updated CNIL Cookie Guidelines

The CNIL recently released updated cookie guidelines that repealed those from Article 5.3 of the 2013 e-Privacy Directive, which imposed an obligation to obtain prior consent before placing cookies and similar technologies. Learn how we updated on cookie consent product to address the new guidance.

Learn More
Onetrust All Rights Reserved