The sanctions issued by the CNIL

22 December 2020

The sanctions issued by the CNIL’s restricted committee since the entering into force of the GDPR.

Sanctions issued in 2021

Date Type d'organisme Manquements principaux / Thème Décision adoptée
06/01/2021 OPTICAL RETAIL TRADE

Failure to respect the exercise of individuals' rightsdata security deficiency

€250,000 financial penalty and injunction under penalty payment

11/01/2021 IT SOLUTIONS DEVELOPMENT COMPANY Lack of data security Financial penalty of €75,000
12/01/2021 MINISTRY

Lawfulness of the treatment
Lack of impact assessment
Lack of information to individuals

Call to order and injunction

03/06/2021 APPLICATION SOFTWARE PUBLISHING COMPANY

Lack of data securityillegality of
processed data

Financial penalty of €10,000
14/06/2021 COMPANY PUBLISHING A PRIVATE SALES WEBSITE DEDICATED TO DIY, GARDENING AND HOME IMPROVEMENT

Retention periods
Failure to
inform individuals
Failure to comply with requests for deletion of data
Failure to keep data secure
Consent for commercial prospecting

Financial penalty of €500,000 and injunctions
20/07/2020 INSURANCE

Duration of retention lack of
Information to individuals 

Financial penalty of €1,750,000

26/07/2021 COMPANY SPECIALISED IN AGRICULTURAL BIOTECHNOLOGY

Failure to inform individuals - obligation to
Regulate relations with a subcontractor

Financial penalty of €400,000
27/07/2021 PRESS Consent of individuals (cookies)

Financial penalty of €50,000


Sanctions issued in 2020


Sanctions issued in 2019


Sanctions issued in 2018


Keywords associated to this article