🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays 🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays 🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays 🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays
Call us on +(33)4 28 70 91 81
Log in

Article 31 of the GDPR: Cooperation with the supervisory authority

Home GDPR articles decrypted Article 31 of the GDPR: Cooperation with the supervisory authority

Article 31 of the GDPR requires the controller and the processor to cooperate with the supervisory authority, like the CNIL in France. This obligation aims to facilitate control, investigation or advisory missions carried out by the competent authority.

Article 31 of the GDPR explained

The controller and the processor must collaborate with the competent supervisory authority, at his request, in the execution of his missions.

This concerns:

  • Requests for information (e.g. registers, documentation, proof of conformity);
  • On-site inspections or checks;
  • Implementation of recommendations or corrective measures.

This obligation applies to all organizations, whether public or private.

Why is this article important for your GDPR compliance?

There transparency and cooperation with the supervisory authority are essential to demonstrate your desire for compliance. A lack of collaboration can worsen sanctions in the event of an inspection. It is a pillar of the responsibility of processing actors.

How to comply with Article 31 of the GDPR?

  • Prepare to respond quickly to any request from the CNIL (designation of a point of contact, documentary monitoring);
  • Maintain your records, policies and evidence of compliance;
  • Be able to explain your treatments, security measures and processes;
  • Implement the authority's recommendations in the event of an alert or control.

Examples of application of Article 31 of the GDPR

  • A company receives a request for information from the CNIL: it transmits its register and its internal policies;
  • A community is subject to control: it actively cooperates by facilitating access to its premises and data;
  • A subcontractor responds to a request for an explanation of a particular processing implemented on behalf of a client.

Related Resources

Accelerate your compliance in just a few clicks

With our all-in-one solution, you can accelerate and ensure compliance easily:

  • Automate your compliance with our GDPR software
  • Supported or outsourced by our DPO experts
  • Raise awareness among your teams with our GDPR training e-learning

Request a demo with an expert

Assess your situation in 15 minutes with our free, no-obligation GDPR self-diagnosis.

GDPR: Self-assess now

Other articles
on the same subject