• Inform, educate: the CNIL responds to requests from individuals and professionals. It carries out communication actions with the general public and professionals whether through its networks, the press, its website, its presence on social networks or by providing educational tools;
• Protect citizens' rights: anyone can contact the CNIL in the event of difficulty in exercising their rights;
• Advise and regulate: the CNIL oversees the search for solutions enabling public and private organizations to pursue their legitimate objectives in strict compliance with citizens' rights and freedoms;
• Accompanying compliance: to help private and public organizations comply with the RGPD, the CNIL offers a comprehensive toolbox tailored to their size and needs;
• Anticipate: as part of its innovation and foresight activity, CNIL, through its LINC laboratory, sets up a watch to detect and analyze technologies or new uses that could have significant impacts on privacy. It contributes to the development of privacy-protecting technological solutions by advising companies as far upstream as possible, with a view to privacy by design;
• Control and sanction : control enables the CNIL to verify the concrete implementation of the law. It can require a player to regularize its processing (formal notice) or impose sanctions (fines, etc.).

• To integrate RGPD obligations into your project and manage your data;
• To be in compliance with the specific regulations to which health data are subject;
• To design your user pathsof digital service or product and thus enable people to control their personal data and know their rights;
• To prevent risks and organize the security of your data;
• To make your RGPD compliance a competitive advantage ;
• To benefit from practical tools (see accessible resources) developer guide, repositories, registry templates etc.
• To benefit from a network: regular animation of workshops for startups working in the healthcare field, some of which are available online, presence in innovation venues such as Station F, online posting of web pages dedicated to startups on the cnil website.

• Prior to implementing data processing, once the scope of my project is well defined (what data do I want to collect and use? to do what with it? how will I inform people? what security measures are envisaged?) ;
• Ideally, on the basis of d'une analyse d'impact relative à la protection des données.

Consult our dedicated pages to identify the main actions you need to take to begin your compliance with protection des données personnelles.

No