Our blog about GDPR

TRACFIN real estate: Obligations, procedures and risks!
A genuine public policy issue, the TRACFIN framework aims to combat money laundering and terrorist financing (ML/TF). Given that the real estate sector is particularly

CNIL Report 2024: What are the priorities?
The CNIL has published its 2024 annual report, a document that goes far beyond a simple activity report. Indeed, it highlights serious issues for

Data controllers and processors: what are the differences?
I. Understanding the definitions of GDPR 1. The data controller: definition and role The Data Controller (DC) is defined in Article 4(7) of the GDPR

EDPB 2024 Report: The 10 Key Points and priorities
1. Strategy 2024-2027: Recommendations of the EDPB The EDPB has adopted its strategy for the 2024-2027 period defining its priorities around four pillars. 2. Consent

Information obligations and GDPR: How to ensure effective transparency for data subjects?
GDPR imposes several obligations, among them the use of a legal basis for the collection and use of personal data. In parallel, the obligation

Mapping personal data processing: methodology, steps and DPO’s role
Compliance with GDPR relies on a deep understanding of data processing within the organization. However, this knowledge cannot be improvised; it must be structured, exhaustive,

One year of sanctions by the CNIL: assessment and points of attention
In 2024, there was an intensification of sanctions pronounced by the CNIL. In a context where the protection of personal data is becoming an increasingly

CNIL 2025-2028 Action Plan: AI, Cybersecurity and Data Protection
On January 10, 2025, the CNIL published its strategic plan 2025-2028 (Strategic Plan of the CNIL – 2025-2028). It thus defined its strategic priorities for

What is GDPR?
Introduction: The main principles of the GDPR. Today we will discuss the principles of the GDPR. When we talk about GDPR principles, these are

Key points to successfully conduct your GDPR audit
The GDPR audit is a key step in achieving compliance for businesses and all private or public organizations. The CNIL has indeed indicated that mapping

GDPR and EHDS (Regulation on the European Health Data Space): Which rules for the processing of health data in Europe?
The entry into force of Regulation 2025/327 concerning the European Health Data Space (“EEDS” or “EHDS”) on 26 March 2025 constitutes a major advancement in

CNIL Sanctions in 2024: Overview and Recommendations
In 2024, the CNIL significantly strengthened its enforcement actions with a record number of sanctions and corrective measures. Misleading prospecting, inadequate security, deficient handling of

Crisis Management: Top 10 Reflexes to Have during a Cyberattack
Having a cyber crisis management process has become an essential element for the resilience of all organizations, public and private. It is their ability

CNIL sanction: A software publisher for medical laboratories fined 1.5 million euros in administrative penalties
On April 21, 2022, the CNIL issued an enforcement decision by which the company DEDALUS BIOLOGIE was fined 1.5 million euros. On February 23, 2021,

Commercial prospecting and hospitality: Sanction of the CNIL against Accor
The CNIL has accused the ACCOR group of the following breaches: Since then, the company has come into compliance with all of these violations. What

Transfer of Personal Data: How to ensure a high level of protection and security?
The question of personal data protection is regularly assessed in light of numerous data transfers, intra-EU or extra-EU. 5 years after the implementation of GDPR,

Data breach: what to do?
What is a data breach? A personal data breach is defined in Article 4.12 of the GDPR as an accidental or unlawful breach of security

Sanctions against Clearview, a test for the effectiveness of the GDPR?
What is it about? Clearview AI is an American company (with no establishment in Europe) which provides facial recognition services. Which services have regularly been