THE MAIN SANCTIONS IMPOSED IN EUROPE AND FRANCE.

Coming into force in May 2018, the General Data Protection Regulation (GDPR) has since seen the French data protection authority, the Commission nationale de l'informatique et des libertés (CNIL), impose several fines on numerous companies for non-compliance with the GDPR.

Here are the main reasons with some recent examples:

failure to comply with transparency and information on personal data,

failure to respect the rights of the persons concerned.

failure to respect the right of objection of the persons concerned

failure to comply with the principle of data minimization.

failure to comply with the legal bases for data processing.

It is important to note that the CNIL can impose fines of up to 4% of the company's annual worldwide turnover or €20 million, whichever is higher. The fines imposed depend on the severity of the violation, the number of people affected, and the damage suffered.

Here is a list of European companies (non-exhaustive) that have received a fine under the GDPR, issued by the data protection authorities of the European Union countries, including the CNIL for French territory:

– Google (Ireland): 50 million euros from the French CNIL (January 2019)

– Google (Ireland): €100 million from the Italian data protection authority (January 2019)

– Marriott (United Kingdom): €18.4 million from the British data protection authority (July 2019)
– Sergic (France): 400,000 euros from the French CNIL (September 2019)

– Optical Center (France): 250,000 euros from the French CNIL (December 2019)

– Boulanger (France): 100,000 euros from the French CNIL (June 2020)
– La Poste (France): 100,000 euros from the French CNIL (June 2020)
– Eni Gas e Luce (Italy): €11.5 million from the Italian Data Protection Authority (July 2020)

– H&M (Germany): €35.3 million by the German data protection authority (October 2020)

– British Airways (UK): €22 million from the UK Data Protection Authority (October 2020)

– AOK Bundesverband (Germany): 1.2 million euros from the German Data Protection Authority (November 2020)

– Active Assurances (France): 180,000 euros from the French CNIL (November 2020)

– Bouygues Telecom (France): 250,000 euros from the French CNIL (November 2020)
– Wind Tre (Italy): €16.7 million from the Italian Data Protection Authority (December 2020)

– Carrefour (France): 2.5 million euros by the French CNIL (December 2020)

– TIM (Italy): €27.8 million from the Italian Data Protection Authority (January 2021)

– Google (Ireland): €35 million from the German data protection authority (February 2021)
– Hertz (France): 40,000 euros from the French CNIL (February 2021)
– Futura Internationale (France): 500,000 euros from the French CNIL (April 2021)

– Carrefour (France): 2.25 million euros by the French CNIL (June 2021)

It is important to note that this list is far from exhaustive and that other European companies have been sanctioned by other data protection authorities in the European Union.