The General Data Protection Regulation, commonly known by its acronym RGPD, was adopted on April 14, 2016 by the European Parliament, and is in direct application in France since May 25, 2018.

It is the European, and therefore national, reference text on the issue of personal data processing. The national texts concerning the same subjects can only confirm its provisions, except for the 57 margins of maneuver left to the Member States (e.g. on health data, offenses, digital death, etc.).

The 1978 Data Protection Act (LIL) remains fully applicable for all files in the criminal sphere or concerning the field of intelligence and state security. The Personal Data Act of June 20, 2018, having amended the LIL, alone deals with the protection of data relating to the status of military personnel or the compensation for harm now possible via the group action.

The regulation applies to professional processing of personal data contained in a file.

It applies to any controller or processor whose registered office is located in the Union, whether or not the processing takes place in the Union. It also applies to the processing of personal data relating to natural persons who are on the territory of the Union by a controller or processor who is not established in the Union (extraterritorial application), when its activities are related to the offering of goods or services in the Union or to the monitoring of the behavior of persons, insofar as this behavior takes place within the Union.

Chronological reminder

May 4, 2016: publication of the regulation in the OJ of the European Union.
December 13, 2017: the government presents in the Council of Ministers the bill adapting the Data Protection Act to the RGPD. The CNIL (Commission Nationale de l'Informatique et des Libertés) draws attention to the significant risk of a lack of readability of the new provisions due, in particular, to the bill's choice to make only the minimal changes necessary to implement the regulation.
February 13, 2018: adoption by the National Assembly of the text of the bill on personal data, adapting the 1978 Data Protection Act to the RGPD.
May 14, 2018: final adoption of the law on the protection of personal data, after multiple back and forth between the National Assembly and the Senate. The text simply aims to eliminate from the 1978 Data Protection Act (LIL) the provisions that are contrary to it, to complete some of them in order to make them compliant with the regulation. This law also authorizes the government to take, within six months after promulgation of the law, and after the opinion of the CNIL, by way of ordinance (not yet promulgated), the following measures
- - rewrite the entire LIL in order to "make the formal corrections and adaptations necessary for simplification and consistency, as well as for simplicity of implementation by data subjects of the provisions that bring national law into compliance with the RGPD".
- - to bring into line with these changes "all the legislation applicable to the protection of personal data, to make the amendments that would be necessary to ensure respect for the hierarchy of norms and the consistency of the texts, to harmonize the state of the law, to remedy any errors and omissions resulting from the present law and to repeal the provisions that have become superfluous.

A future article will address the specific provisions of the GDPR.