France Fines National Employment Agency €5m Over 2024 Data Breach
The French data protection regulator said that France Travail’s response to a 2024 data breach violated GDPR
Stay informed on GDPR regulations and data protection with the latest news, insights, and compliance strategies in our info security hub.
Search across headline titles and summaries.
Background for this topic.
GDPR is the European Union’s General Data Protection Regulation, in force since 25 May 2018. It governs the processing of personal data by organizations in the EU and, in some circumstances, organizations elsewhere that offer services to or monitor people in the EU. It sets principles and lawful bases for processing, gives individuals rights over their data, and defines duties for controllers and processors.
For security practitioners, GDPR requires risk-appropriate technical and organizational measures to protect personal data, such as access control, encryption or pseudonymization where appropriate, resilience, and regular testing. Privacy by design and by default should shape system and data-flow decisions. A personal-data breach may require notifying the relevant supervisory authority without undue delay and, where feasible, within 72 hours of awareness; affected individuals may also need notification when the risk is high. These obligations make asset and data inventories, processor oversight, retention controls, and breach playbooks operationally important.
Weekly headline count for the current query.
The French data protection regulator said that France Travail’s response to a 2024 data breach violated GDPR
DLA Piper finds 22% increase in breached firms notifying European GDPR regulators
The Dutch Data Protection Authority issued Experian a €2.7m for GDPR violations including excessive collection of personal data
Civil society groups and academics are calling for the EU's GDPR to remain unchanged following the EU Commission's plans to revisit it
Ireland’s data protection watchdog accuses the Chinese social media giant of violating GDPR with transfers of European users’ data to China
The UK’s information commissioner has warned that all digital firms using children’s data must follow the GDPR
27 UK public sector organizations faced ICO enforcement actions in 2024, with three fines issued, according to URM Consulting
Data from DLA Piper showed a 33% year-on-year fall in GDPR fines issued in Europe in 2024, with total penalties reaching €1.2bn
AliExpress, Shein, Temu, TikTok, WeChat and Xiaomi are accused of operating unlawful data transfers to China
The EU Data Protection Board (EDPB) published a long-awaited opinion on how GDPR should apply to AI models
The Irish Data Protection Commission has fined Meta $263m for a 2018 data breach impacting 29 million Facebook accounts
LinkedIn violated the EU’s GDPR in how it processes its users personal data for behavioral purposes
Ireland's Data Protection Commission fines Meta Platforms €91 million for mishandling user passwords and GDPR violations
Ireland’s Data Protection Commission launches inquiry into whether Google followed GDPR rules over AI model training
The Dutch data protection regulator has imposed a €290m GDPR fine on Uber for storing driver data in the US without adequate safeguards
The Irish data protection watchdog accuses X Corp’s European subsidiary of breaching GDPR with Grok AI training
The Lithuanian data protection authority has imposed a fine of almost $2.5m on second-hand specialist Vinted for breaching GDPR
European non-profit Noyb has filed a complaint to the Austrian data protection authority (DSB) over OpenAI’s ChatGPT providing false personal information
Legal experts claim that landmark ECJ ruling will make it easier for authorities to sanction organizations infringing the GDPR