Data Processors beware.

France’s CNIL issued an enforcement action against both a data controller (150,000 EUR) and a data processor (75,000 EUR) for inadequate information security measures leading to a

Continue Reading France’s CNIL Fines Data Processor and Data Controller Over Credential-Stuffing Attack

The French Data Protection Authority CNIL has issued guidance on types of data processing for which a Data Protection Impact Assessment (DPIA) is not required under GDPR:

  • HR-related processing, not

Continue Reading Ten Examples of Data Processing Activities That Don’t Require a DPIA According to France’s CNIL