The CNIL publishes its 2022-2024 strategic plan
The CNIL is structuring its new 2022-2024 strategic plan around three key themes for a trusted digital society: promoting respect for rights, promoting the GDPR as an asset and targeting regulation for high-stake issues.
Responding to the new challenges brought about by the increasing digitisation of society
Almost four years after the entry into force of the GDPR, most companies and public services have organised themselves to meet the challenges of data protection in the face of a public that is increasingly familiar with the new regulatory framework and, above all, their rights.
For its part, the CNIL has adapted its legal framework, deployed its technological expertise and made its sanctioning policy credible. Public authorities’ awareness of digital issues has resulted in an increase in the authority’s staff. However, responding to all the rapidly growing requests and needs in the field remains a daily challenge for the institution, which must remain an effective, pragmatic and modern regulator.
Indeed, the increasing digitisation of economic and social life as well as the pandemic have increased the risks to privacy. Furthermore, the omnipresence of major digital services raises new regulatory issues. In this context, personal data is, more than ever, the common thread of our digital daily life. Faced with these findings, it is essential that the GDPR, through European cooperation between authorities, leads to full compliance of organisations, actual respect for individuals’ rights and a level playing field between economic players.
To meet these challenges, the CNIL’s new strategic direction for 2022 to 2024 is divided into three key themes:
- Promote the control and respect of individuals’ rights in the field
- Promote the GDPR as a trusted asset for organisations
- Prioritise targeted regulatory actions for high-stake privacy issues.
The implementation of this action plan should enable the CNIL to act in an agile way, alongside citizens, companies, associations and authorities, so as to build a trusted digital society.
- Marie-Laure Denis, Chair of the CNIL
Theme 1 - Promote the control and respect of individuals’ rights in the field
The protection of individuals’ rights over their personal data, reinforced by the GDPR, has been the CNIL’s main mission for more than forty years. In line with its previous strategic plan, the CNIL is working to promote the exercise of individuals’ rights.
Theme 2 - Promote the GDPR as a trusted asset for organisations
Over the past three years, data protection has gradually become part of the daily culture of data controllers (companies, authorities, associations, etc.). In order to extend this process, the CNIL will, in particular, strengthen its offer of support by making it easier to understand the legal framework, developing compliance tools and helping to protect against cyber risks.
Theme 3 - Prioritise targeted regulatory actions for high-stake privacy issues
Today, everyone can assess the extent of digital technology in their daily lives and in public debate. The technologies used are increasingly based on intensive data collection and processing. At the same time, they are giving rise to increasingly varied and rapidly evolving uses. To meet these challenges as a benchmark regulator in the digital world, the CNIL will implement a global action plan covering three key themes.