The sanctions procedure

Following investigations, complaints or in case of breaches of the GDPR or of the Data Protection Act, the CNIL restricted committee may issue sanctions to controllers or processors.

The steps of the procedure of sanction

When a sanction is likely to be imposed, the CNIL Chair may appoint a “rapporteur” and refer to the restricted committee.

The powers of the restricted committee

In case of a non-compliance with the GDPR and the French Data Protection Act, the chair of the CNIL may refer to the restricted committee in order to make one or several measures pronounced at the end of a procedure during which the incriminated ...

The cooperation with the other European supervisory authorities

In certain cases, it is necessary to cooperate with the other European authorities, within a procedure of sanction or an order to comply.

The sanctions issued by the CNIL

The sanctions issued by the CNIL’s restricted committee since the entering into force of the GDPR.

Les documents associés à cette thématique

Poster

[Infographic] The law enforcement process

Poster

[Infographic] The procedure of sanction

Les mots clés associés à cette thématique

This can also interest you ...

Commercial prospecting and rights of individuals: EDF fined 600 000 euros

On 24 November 2022, the CNIL issued an administrative fine of 600 000 euros against the company EDF, in particular because it didn't respect its obligations regarding commercial ...

29 November 2022

DISCORD INC. fined 800 000 euros

On 10th November 2022, the CNIL fined DISCORD INC. 800,000 euros for failing to comply with several obligations of the GDPR, in particular with regard to the data retention periods...

17 November 2022

EDPB: wish list for harmonising the application of the GDPR and a declaration on the digital euro

03 November 2022

EDPB