The sanctions procedure
Following investigations, complaints or in case of breaches of the GDPR or of the Data Protection Act, the CNIL restricted committee may issue sanctions to controllers or processors.
The steps of the procedure of sanction
When a sanction is likely to be imposed, the CNIL Chair may appoint a “rapporteur” and refer to the restricted committee.
The powers of the restricted committee
In case of a non-compliance with the GDPR and the French Data Protection Act, the chair of the CNIL may refer to the restricted committee in order to make one or several measures pronounced at the end of a procedure during which the incriminated ...
The cooperation with the other European supervisory authorities
In certain cases, it is necessary to cooperate with the other European authorities, within a procedure of sanction or an order to comply.
The sanctions issued by the CNIL
The sanctions issued by the CNIL’s restricted committee since the entering into force of the GDPR.