The CNIL GDPR learning workshop
Table of Contents
If you’ve read some of this blog legal-related content, you may have seen that I’m pretty interested by the privacy protection. However, despite being myself informed of the legal context, I recognize I’ve never deeply learned the GDPR itself. Of course, my various readings about this topic (including my professional activities) made me learn some good basis, but that wasn’t enough.
That’s why I’ll propose you to discover a service made by the French personal data protection authority, la CNIL, which is a training to the GDPR principles, legal basis and its impact in our lives. This service is called l’Atelier RGPD, available anytime and completely free of charges. Despite the portal being available in English, it looks like the training itself is only in French.
This training is divided into five modules and is regularly updated regarding the legal context. It’s mostly addressed to the professional people because most of its examples are from the life in enterprises. Initially, the training portal hosted four modules, the fifth one had been added recently and target the people working in Public Administration (how the electoral lists are maintained, how the population survey is organized…).
The first four module are the most important because they concern how the GDPR work. Let’s summarize the content of each module :
1. The key notions of the GDPR
This first module explains the history of the personal data protection and how the first laws regarding this topic were made in France. La CNIL exists since 1978 and the Informatique et Libertés law has been one of the inspirations for the GDPR. This module gives a definition of what is a personal data, what is a treatment, and to whom the GDPR applies to..
2. The data protection principles
This one is the biggest module because it explains the eight principles on which the GDPR protection is based :
- The purpose of the treatment
- The legal basis of the treatment
- The minimal data collection
- The special protection of the most sensitive data
- The data retention
- The security obligations
- The transparency for the concerned people
- The people’s rights on their personal data
And a last chapter about the data transfer outside the European Union.
3. The accountability
This module is dedicated to one of the new element added by the GDPR in data protection laws : the accountability of the personal data treatment responsible. It explains the accountability of the various actors (like sub contractors, co-contractors…) and details the sanctions and remedies.
4. The compliance tools and the DPO
The last module concerns the new role installed by the GDPR : the Data Protection Officer and the various obligations a data treatment responsible have to comply to.
5. The territorial collectivity
This last module has been added more recently and concern mostly the French administration and how do they have to manage the personal data in their work. These module are still very interesting because we can learn a lot about our rights as citizens (can we have access to the electoral list, how are managed the police officers personal cameras…).
At the end of each module, a multiple choice question test is proposed and a certificate of achievement is delivered at the end if you answer at least 80% good answers. You can retry as much as you want, the review will explain the answer in any case. This is not a certification and it does not count as an official document. If you’re looking for an actual certification, you will have to follow a training in a recognized center. But as far as I know, the only certification training is for the DPO.
This training is pretty dense and very interesting. I’ve learned a lot of things I didn’t knew despite being someone aware of this subject and regularly reading articles about it. If you want to follow it, you’ll need at least a day to complete the 4 modules.
If like me you’re also sensitive to the personal data management, I strongly advice to follow this training (maybe the other countries’ authorities had this kind of service too) because there are some rights you can use and you’re maybe unaware of them. It demonstrates how the GDPR has been a great step in data protection and privacy.
If I have some motivation, I could try to write some articles here to popularize the GDPR and explain the concepts.