On May 28 2019, the French data protection authority Commission nationale de l’informatique et des libertés (CNIL) imposed a €400,000 fine on French property management company Sergic for neglecting to maintain the security of and to limit the storage of personal data. This is the first sanction imposed on a French company under the General Data Protection Regulation (GDPR) and is also the most significant financial penalty imposed on a French company for data breaches to date, representing close to 1 percent of the yearly turnover of the fined company.
To learn more, please visit technologylawdispatch.com.