Syntec Numérique responds to the Cnil consultation on the European Regulation

The digital sector would like to reiterate the fundamental issue of personal data protection, for citizens but also for businesses.
The application of the European Regulation (or GDPR) will affect all French businesses, whether they are service providers in the digital sector or customers in all sectors of the French and/or European economy.

Syntec Numérique welcomes this opportunity to interact with the Cnil. The co-construction of an operational framework seems to be an effective means of flexible regulation.

Syntec Numérique draws the Authority’s attention to a number of points of vigilance linked to the right to portability: in particular, the need to prevent service providers from being forced to monitor networks or use flow interception techniques. In addition, the practical aspects of exercising portability will need to be carefully determined (reversion format, limiting the number of requests from individuals to avoid abuse, etc.), as the cost of the service for users and service providers is at stake.

Syntec Numérique would like the list of processing operations for which an impact assessment is required (Article 35-4 of the Regulation) to be made available to companies quickly, after a consultation process, to enable them to anticipate the application of the Regulation in May 2018.

Syntec Numérique will be closely scrutinizing the provisions relating to DPOs, a new but necessary profession. The Regulation is not always clear on the criteria for appointing a DPO and on his or her profile, and the G29’s clarifications will be useful for companies. Syntec Numérique wants companies to be free to pool their DPOs: while a recommendation from the Cnil is desirable on this subject, there is no need to constrain players in the sector.