Loi Informatique et Libertés (FR)
French GDPR implementing legislation
Practitioner's note: This article is practice-oriented compliance documentation, not legal advice. We are a compliance specialist, not a law firm. For legally binding information please consult a licensed lawyer.
TL;DR
French data protection law supplements the GDPR with special provisions: stricter DPIA obligations (CNIL list), higher fines, and a mandatory DPO appointment in additional cases.
What is Loi Informatique et Libertés (FR)?
Practical relevance for DACH SMEs:
- Applicable in dealings with French end customers
- CNIL practice is often stricter than that of the BfDI
- Legal remedies before French courts
Practical example
A DACH SaaS provider with a French subsidiary must also comply with Loi 78-17 and CNIL practice.
Frequently asked questions
Comparison of fines?
CNIL: median 25k EUR. BfDI: median 12k EUR. Both trending upward.
When does it apply?
When there is an establishment in France or when targeting French end customers.