Articles, by our experts

Unpacking compliance, security and AI.

Our DPOs and CISOs regularly share their take on regulatory and technical news here: new CNPD guidelines, notable sanctions, lessons learned from incidents, and developments on the AI Act, NIS 2 and DORA. The aim is to go beyond the press release.


France Travail fined: key lessons from GDPR Article 32

On 22 January 2026, the CNIL fined France Travail €5M for weaknesses in authentication, logging and access rights. In Luxembourg, GDPR Article 32 requires appropriate, demonstrably effective security measures.

French Council of State — Beaucaire (Apr 30, 2024): the CNIL bar for IAM

France’s Council of State confirms CNIL’s password guidance as state of the art to assess GDPR Article 32. Robust IAM governance enables compliance by design.

Analytics cookies: CNIL/CNPD exemptions, ICO still requires consent

On 29 April 2026, the ICO confirmed that non-essential analytics cookies require PECR consent. In France and Luxembourg, CNIL and CNPD allow narrow exemptions for certain audience measurement cookies.

External DPO France: why choose a Luxembourg firm recognised across Europe

French company looking for an external DPO? Discover the advantages of a European-scale Luxembourg firm: multi-regulator knowledge (CNIL, CNPD, APD, BfDI, AEPD, Garante), a multidisciplinary team, and lower cost than Parisian firms.

Criteo: France’s Conseil d’État upholds €40M — consent prevails in AdTech

On 4 March 2026, France’s Conseil d’État upheld the €40M fine against Criteo for personalized advertising without valid consent. Key takeaway in AdTech: for targeting trackers, the lawful basis is (almost always) consent.

CNIL 2025 report: EUR 487M in fines, 1 breach in 2 = hacking, key takeaways

CNIL 2025 annual report: 20,150 complaints (record), EUR 487M in fines (including Google EUR 325M and Shein EUR 150M), 1 breach in 2 results from hacking. The real signal for 2026 and 4 concrete actions for DPO and CISO.

CNIL approves a GDPR code of conduct for retail

On 28 April 2026, the CNIL approved a GDPR code of conduct for apparel/footwear retailers in France. A strong signal for retailers, with auditable requirements and third-party oversight.