By deliberation n°2014-500 dated December 11th 2014 on the adoption of a frame of reference regarding the grant of a label regarding procedures of data protection governance, the CNIL created a “Data protection governance” label (Label “Gouvenance Informatique et Libertés”). This label defines the rules and good practices of personal data management. The main purpose of the label is to become a confidence indicator for data subjects.
Both public bodies and private entities are eligible for this label so long as they have a data protection officer (Correspondant Informatique et Libertés).
The CNIL defines a number of requirements with regards to internal organization, method of verification of the compliance with the Data protection Act as well as claim and incident management (for further details see the deliberation creating the label).
The CNIL verifies the admissibility of the application within 2 months on the basis of the request form for a label regarding procedures of data protection governance. During the assessment phase the CNIL may request further information from the applicant with regards to processing of personal data and the means of intervention of the data protection officer.