The CNIL publishes its 2022-2024 strategic plan

14 March 2022

The CNIL is structuring its new 2022-2024 strategic plan around three key themes for a trusted digital society: promoting respect for rights, promoting the GDPR as an asset and targeting regulation for high-stake issues.

Responding to the new challenges brought about by the increasing digitisation of society

Almost four years after the entry into force of the GDPR, most companies and public services have organised themselves to meet the challenges of data protection in the face of a public that is increasingly familiar with the new regulatory framework and, above all, their rights.

For its part, the CNIL has adapted its legal framework, deployed its technological expertise and made its sanctioning policy credible. Public authorities’ awareness of digital issues has resulted in an increase in the authority’s staff. However, responding to all the rapidly growing requests and needs in the field remains a daily challenge for the institution, which must remain an effective, pragmatic and modern regulator.

Indeed, the increasing digitisation of economic and social life as well as the pandemic have increased the risks to privacy. Furthermore, the omnipresence of major digital services raises new regulatory issues. In this context, personal data is, more than ever, the common thread of our digital daily life. Faced with these findings, it is essential that the GDPR, through European cooperation between authorities, leads to full compliance of organisations, actual respect for individuals’ rights and a level playing field between economic players.

To meet these challenges, the CNIL’s new strategic direction for 2022 to 2024 is divided into three key themes:

  1. Œ Promote the control and respect of individuals’ rights in the field
  2. Promote the GDPR as a trusted asset for organisations
  3. Prioritise targeted regulatory actions for high-stake privacy issues.


The implementation of this action plan should enable the CNIL to act in an agile way, alongside citizens, companies, associations and authorities, so as to build a trusted digital society.

- Marie-Laure Denis, Chair of the CNIL

Theme 1 - Promote the control and respect of individuals’ rights in the field

The protection of individuals’ rights over their personal data, reinforced by the GDPR, has been the CNIL’s main mission for more than forty years. In line with its previous strategic plan, the CNIL is working to promote the exercise of individuals’ rights.

Find out more about the CNIL’s first strategic theme

Theme 2 - Promote the GDPR as a trusted asset for organisations

Over the past three years, data protection has gradually become part of the daily culture of data controllers (companies, authorities, associations, etc.). In order to extend this process, the CNIL will, in particular, strengthen its offer of support by making it easier to understand the legal framework, developing compliance tools and helping to protect against cyber risks.

Find out more about the CNIL’s second strategic theme

Theme 3 - Prioritise targeted regulatory actions for high-stake privacy issues

Today, everyone can assess the extent of digital technology in their daily lives and in public debate. The technologies used are increasingly based on intensive data collection and processing. At the same time, they are giving rise to increasingly varied and rapidly evolving uses. To meet these challenges as a benchmark regulator in the digital world, the CNIL will implement a global action plan covering three key themes.

Find out more about the CNIL’s third strategic theme

Document reference

Download the strategic plan 2022-2024