
The Cyber, AI & Data recap (October 2025): LinkedIn uses your data, CNIL Sanctions, NIS2 in French law

GDPR, NIS2, DORA, AI Act... We know how difficult it is to keep track of regulatory news and the new legal obligations to be respected in data management, cybersecurity and artificial intelligence.

Good news 👉 we have prepared the essentials to remember. Because you are concerned by these issues, today we are sharing with you the key news of recent weeks, explained simply, without jargon.

Let's get to the heart of the matter. Happy reading 👇

  • 🥷 Cyberattacks in France
  • 🎥 October replays (NIS2 & AI Compliance)
  • 🧭 Free tool: Compliance Auto-Diag (GDPR, AI Act, NIS2)
  • 🔐 LinkedIn will use your data for AI: how to object
  • 🌍 EU ⇄ Brazil transfers: towards adequacy? What it changes
  • 🍪 Towards the end of cookie banners? Concrete marketing impacts
  • 📍 CNIL & geolocation: the right reflexes to disseminate
  • ⚖️ CNIL: 16 "simplified" sanctions (video, prospecting, cooperation)
  • 🏛️ NIS2 in French law: what’s happening for organizations
  • 🏷️ GDPR Engaged Label: why (and how)

🥷 The latest cyberattacks in France


🎥 Webinars – October replays to (re)watch

✅ NIS2 Directive: understand everything & assess its compliance

The NIS2 Directive imposes new cybersecurity obligations on a large number of organizations (public and private). In this replay, we show you:

  • how to know whether you are affected,
  • where to start (governance, risk management, incidents, continuity...),
  • how to assess your level via a simple self-diagnosis.

Watch the replay


✅ AI Compliance: Be AI Act & GDPR compliant

The AI Act (European AI Regulation) is a game changer for businesses: AI systems mapping, risk analysis, governance, documentation, transparency... In this replay you will see:

  • the obligations of the AI Act and the bridges with the GDPR,
  • the risks and sanctions in case of non-compliance,
  • how to map your AI systems, assess your risks and prepare for an audit,
  • good practices for responsible governance,
  • a concrete action plan to get started without delay.

Watch the replay


Register for upcoming webinars

🧭 Free tool: Self-Diagnosis (GDPR, AI Act, NIS2)

Data Comply One offers you three free self-diagnoses to assess your compliance in minutes and get a personalized roadmap. Ideal for a quick initial inventory or to raise awareness among your management.

Test your GDPR, AI Act, NIS2 compliance in 5 minutes


🔐 LinkedIn wants to use your data to train its AI (from Nov. 3)

What changes

  • LinkedIn (Microsoft) is updating its policies: your public data (profile, posts, comments, articles) may be used to train AI models.
  • By default the answer is YES unless you object before November 3.
  • Legal basis invoked: legitimate interest, a much-debated basis in Europe.

Why it's sensitive

  • You lose control over content that can be reused to generate text, summaries, suggestions...
  • European regulators (EDPB, CNIL) demand transparency, a simple opt-out, exclusion of sensitive data and limited retention periods.

What to do (step by step)

  1. Open LinkedIn, click Me (top right), then Settings & Privacy
  2. Data privacy
  3. Data for Generative AI Improvement
  4. Turn the setting off

🌍 EU ⇄ Brazil: towards an adequacy decision

Why it matters

  • The GDPR in principle prohibits transfers outside the EU unless appropriate safeguards are in place.
  • An adequacy decision makes transfers as simple as within the EU.
  • Brazil has the LGPD (a GDPR-inspired law) and a dedicated authority (ANPD), which paves the way.

Concrete impacts

  • If you work with Brazil: less paperwork (no more SCCs to manage for these flows) and greater legal certainty.
  • If not: you have a clear framework if opportunities emerge.
  • Reminder: for countries without an adequacy decision, keep SCCs/BCRs plus transfer impact assessments.

Fast action

  • Map your providers and data flows to Brazil.
  • Anticipate updating your clauses if the adequacy decision is adopted.

🍪 Towards the end (or simplification) of cookie banners?

The problem: banner fatigue, reflex clicks, poorly informed consent.

The European approach: simplify by centralizing preferences (e.g. at the browser level), while maintaining the consent requirement.

What this means for you

  • Consent is still required for non-essential trackers.
  • Less third-party data = more dependence on first-party data (CRM, content, forms).
  • Audience measurement: move to privacy-respecting solutions configured in consent-exempt mode.
  • UX: prepare your sites to read (and respect) centralized preferences.
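What "reading and respecting a centralized preference" looks like in practice, as an added illustration that is not part of the original newsletter: a small consent gate that loads a tracker only if it is strictly necessary or the visitor has explicitly opted in to its purpose, and that treats a browser-level opt-out signal as overriding any stored consent. The European mechanism is not yet defined, so the existing Global Privacy Control signal (navigator.globalPrivacyControl in the browser, the Sec-GPC: 1 request header server-side) is used here as a stand-in; the tracker inventory and the consent record shape are constructed for the example.

```javascript
// Added example: consent gating that honours a browser-level preference signal.
// Global Privacy Control (GPC) stands in for the centralised European signal
// discussed in the text; the tracker inventory below is constructed, not real.

const ESSENTIAL = "essential"; // strictly necessary: exempt from consent
const PURPOSES = new Set([ESSENTIAL, "analytics", "marketing"]);

// Constructed inventory: every script or cookie-setter on the site, by purpose.
const TRACKERS = [
  { name: "session-cookie", purpose: ESSENTIAL, src: null },
  { name: "audience-stats", purpose: "analytics", src: "https://stats.example/tag.js" },
  { name: "ads-pixel", purpose: "marketing", src: "https://ads.example/pixel.js" },
];

// Client side: true when the browser advertises a "do not sell/share" preference.
// Under Node (no navigator, or a navigator without the property) this is false.
function browserOptOut(nav = typeof navigator !== "undefined" ? navigator : {}) {
  return nav.globalPrivacyControl === true;
}

// Server side: the same preference arrives as the "Sec-GPC: 1" request header.
// `headers` is a plain object with lower-cased header names (as Node's http gives).
function headerOptOut(headers) {
  return headers["sec-gpc"] === "1";
}

// May this one tracker run?
//   consent: per-purpose record written by the CMP, e.g. { analytics: true }.
//            A missing key means NO consent: nothing is pre-checked.
//   optOut:  the centralised browser/header signal.
function isAllowed(tracker, consent, optOut) {
  if (!PURPOSES.has(tracker.purpose)) {
    // An unclassified tracker never loads: the audit must assign a purpose first.
    throw new Error(`tracker ${tracker.name} has unknown purpose ${tracker.purpose}`);
  }
  if (tracker.purpose === ESSENTIAL) return true;
  if (optOut) return false; // the centralised preference wins over stored consent
  return consent[tracker.purpose] === true; // explicit opt-in only
}

// Names of the trackers that would be loaded for this visitor, in inventory order.
function allowedTrackers(consent, optOut, trackers = TRACKERS) {
  return trackers.filter((t) => isAllowed(t, consent, optOut)).map((t) => t.name);
}

// Inject the allowed scripts. Returns the names loaded; a no-op without a DOM,
// so the decision logic stays testable outside the browser.
function loadAllowed(consent, optOut = browserOptOut(), trackers = TRACKERS) {
  const names = allowedTrackers(consent, optOut, trackers);
  if (typeof document === "undefined") return names;
  const wanted = new Set(names);
  for (const t of trackers) {
    if (!t.src || !wanted.has(t.name)) continue;
    const s = document.createElement("script");
    s.src = t.src;
    s.async = true;
    document.head.appendChild(s);
  }
  return names;
}
```

The two properties worth keeping whatever signal Europe settles on: an empty consent record loads only the essential tracker, and the browser-level preference is checked on every load rather than once when the banner was last shown, so a visitor who turns the signal on later is respected without having to find the banner again.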

Action to do

  • Audit your cookies and trackers; limit them to what is necessary.
  • Strengthen your first-party levers and your consent strategy.
  • Update your CMP and your cookie policies once the reform is finalised.

📍 Geolocation: the CNIL sounds the alarm — 9 good reflexes to share

Why it's sensitive

Geolocation reveals lifestyle habits, interests and sometimes sensitive data (places of worship, union membership, health...). The risk: over-surveillance and abuse (family, professional, commercial).

Good reflexes to generalize

  • Enable location sharing only when necessary.
  • Turn off background tracking when it is not needed.
  • Fine-tune permissions app by app.
  • Delete location history regularly.
  • Train your teams (sales, logistics, security) in best practices.
  • Contractually supervise the service providers who collect this data.
  • Assess the risks (DPIA if necessary) for sensitive cases.
  • Clearly inform people and make it easy to exercise their rights.
  • Disable any resale or commercial sharing that is not essential.

💡 At Data Comply One, our experts support you on your GDPR and geolocation issues with our subscription-based outsourced DPO offer.

Learn more

⚖️ 16 CNIL sanctions (simplified procedure) — trends to remember

Recurring themes:

  • Disproportionate video surveillance (e.g. filming sensitive areas such as union premises, boarding schools, refectories...).
  • Prospecting without valid consent (e.g. misleading competitions, pre-checked boxes, unclear purposes).
  • Lack of cooperation with the CNIL (not responding is not a strategy).
  • Rights of individuals: watch the right of access and the response deadlines.
  • Security and record of processing activities: basic gaps are still common.

See the CNIL 2025 sanctions table

Express checklist

  • Check your cameras (areas filmed, signage, retention periods).
  • Clean up your prospecting practices (explicit consent, proof of consent, effective opt-out).
  • Keep your record of processing activities up to date (processors, retention periods, legal bases).
  • Respond quickly to access, rectification and objection requests.
  • Cooperate with the authority (and keep a trace of your answers).

💡 Our Data Comply One platform lets you assess and manage your compliance, keep your records up to date and handle rights requests easily. For companies without an in-house manager, our experts take care of everything with our outsourced DPO offer (support in the event of a CNIL inspection included).

Learn more

🏛️ NIS2: what is changing on the French law side

The National Assembly's special committee has made progress on the transposition ("Resilience" bill):

  • Software publishers added to the NIS2 perimeter (supply chain).
  • Health and medico-social sectors classified as essential entities; local authorities and research establishments too.
  • Adapted financial sanctions for certain "important" entities.
  • Encrypted messaging: no backdoors (principle reaffirmed).
  • If you are an essential or important entity, set up:

💡 Our Data Comply One Academy platform helps raise employee awareness of GDPR, AI and cybersecurity best practices. Cybersecurity training and awareness is an NIS2 obligation.

Learn more

✅ The GDPR Engaged Label (by Data Comply One)

Data Comply One supports you in your compliance and showcases your GDPR commitments: a signal of trust for your customers, partners and teams. Beyond the legal aspect, it is a business advantage:

  • Credibility: you prove your data management practices (legal bases, security, rights).
  • Commercial differentiation: an asset in tenders and B2B sales.
  • Customer trust: reassures about the collection, use and protection of personal data.
  • Steering: the approach structures your data governance and cybersecurity (real processes).

How to get it?

  1. Run a diagnosis on the Data Comply One platform
  2. Implement the actions of the generated roadmap (or outsource compliance to our legal experts)
  3. Have it checked by our experts
  4. Obtain the label (valid for 12 months)
  5. Build customer trust

💌 Stay informed every month on LinkedIn

Subscribe to our newsletter on LinkedIn to receive news, replays, tools and practical guides. More than 2,000 professionals are already subscribed, and it's free.

Learn more about Data Comply One

Data Comply One is a French company offering an online cybersecurity and regulatory compliance service. Its all-in-one solution, combining a SaaS platform with outsourced DPO experts, is designed to help businesses and organizations ensure cyber compliance (GDPR, NIS 2, DORA and AI Act). More than 1,000 businesses and organizations in 22 countries already trust DCO to simplify their compliance, train their teams and secure their legal obligations.

Make an appointment with a Data Comply One expert

Remember: cybersecurity protects, compliance reassures!

Thank you for your attention and see you soon,
The Data Comply One team