General Data Protection Regulation

Protection of personal data

Nine months after the entry into force of the General Data Protection Regulation (GDPR), the CNIL has pinpointed some thirty companies that have failed to fulfill their obligations.

Nine months after the entry into force of the General Data Protection Regulation (GDPR), on 25 May 2018, sanctions have fallen. All the companies were obviously not ready to respect the legal framework. Bad state of preparation? Selected risk or unavoidable risk? Thirty have been retaliated against their personal data protection policy, in the form of formal notice or sanction by the National Commission for Informatics and Liberties (CNIL).

Administrative fines already represent several million euros. Latest, Google LLC was sentenced on January 21 to pay 50 million euros for non-compliance with the European regulation RGPD. “A measure that underlines the intention of the CNIL to take very seriously the treatment of complaints against technology companies , ” says Gregory Voss, a researcher at Toulouse Business School, although the fine is well below the maximum penalty set at 4% of the company’s turnover. But the giants of the Net are not the only companies concerned.

The first heavy sanction based on the RGPD fell in Portugal, on a hospital near Lisbon, the hospital of Barreiro sentenced to a fine of 400,000 euros. In France, the same day Uber was condemned by the CNIL to pay the same amount for lack of data security. A week later, it was Bouygues Telecom’s turn. The telephone operator was fined 250,000 euros for failing to “ensure the confidentiality of data” of two million customers.

Since 2017, around 30 entities have been put in default or penalized for facts relating to data protection (the decisions pronounced before May 25, 2018 are based on the old computer law and freedom, modified by the RGPD) . “These are not just big companies,”says Sylvain Staub. Public, private, all sectors are concerned. Telephone operator, appliance trade, mutual insurance company, training organization or public housing, half of them are private sector service companies.