On 13 October 2020, the French DPA (“CNIL”) published best practices the trade union organizations shall observe while processing personal data of their members.
In a nutshell, CNIL detailed the following main practices to ensure compliance with the data protection requirements:
- define the responsibilities incumbent to each actor involved in the processing of members’ personal data;
- inform the members on the processing of their personal data;
- define retention periods depending on the processing purposes;
- ensure restrictive access to the personal data.
These best practices are available here (only in French).
