Privacy & Information Security Law Blog

On June 1, 2019, New Decree No. 2019-536 (the “Implementing Decree”) took force, enabling the French Data Protection Act, as amended by an Ordinance of December 12, 2018, likewise to enter into force. This marks the completion of the adaption of French law to the EU General Data Protection Regulation (“GDPR”) and the EU Police and Criminal Justice Directive (Directive (EU) 2016/680).

The adaption of French law to the new EU data protection framework was conducted in various stages:

• The French Data Protection Act of January 6, 1978, was first amended by a law dated June 20, 2018, while its implementing Decree of October 20, 2005, was amended by a Decree of August 1, 2018. However, existing provisions adopted under the EU Data Protection Directive were still maintained in the amended French Data Protection Act.
• The Ordinance of December 12, 2018, completely redrafted the French Data Protection Act to correct inconsistencies with the new EU data protection framework. That Ordinance was due to enter into force at the same time as the new Implementing Decree and by no later than June 1, 2019.
• The new Implementing Decree was adopted on May 29, 2019. It repeals the previous implementing Decree of 2005, adapts certain rules of procedure before the French Data Protection Authority and further specifies the rights of individuals with respect to their personal data.

View the full new French Data Protection Act and its new Implementing Decree (both in French).