The article 10 also recalls that the processing of personal data relating to criminal convictions and related offences or security measures may only be carried out under the supervision of the public authority. Any complete register of criminal convictions may only be kept under the control of the public authority.
The CNIL recommends limiting the use of free comment areas, raising awareness among teams likely to fill in these text areas and encouraging the use of drop-down menus offering objective assessments. However, it is not always possible to simply delete these free text fields. This is why the CNIL recommends regular audits and the use of automatic tools checking the words contained in the comment areas should also be considered. Finally, comment extractions can be performed regularly to ensure compliance with the GDPR.