GDPR France: in 4 months 33 million cases of personal data breach

In 4 months, the French Data Protection Authority Cnil has received 742 notifications of personal data breaches, affecting 33.7 million people in France and abroad.

Since the start on the 25th of May the European Data Protection Regulation (GDPR) requires companies to notify CNIL within 72 hours of any violation of personal data held by them, if this breach entails a risk to the customer, the rights and freedoms of the persons concerned. CNIL adopts a repressive approach in case of non-compliance with the notification obligation within 72 hours.

A breach liable to a fine of € 10 million or 2% of turnover. On the other hand, it favors accompaniment when receiving notifications on time. CNIL received 742 notifications of data breaches (between May 25 and October 1). In an overwhelming majority of cases (695), reported violations are breaches of data privacy. But they can also be violations of data availability (71) or integrity (50). In 65% of cases, these notifications were related to a malicious act from outside. In 15%, it was an internal human error.

For more information on this topic visit:

Leave a Comment