The National Commission for Information Technology and Liberties (CNIL) imposed a fine of 600,000 euros on the Canal+ group for breaches relating to commercial prospecting and the protection of personal data.
The CNIL noted in particular that Canal+ had sent electronic messages to people who had not subscribed to its newsletters, or who had already refused to receive commercial offers. The group had also used personal data for unintended purposes, such as the sale of products or services to third parties.
In addition, Canal+ had not implemented sufficient security measures to protect its customers' personal data. The CNIL thus noted that personal data had been accessible to unauthorized persons.
Canal+ has taken corrective measures since its formal notice by the CNIL. The company has notably implemented a new commercial prospecting process and strengthened its security measures.
Here are the specific shortcomings noted by the CNIL:
- Sending electronic messages to people who had not subscribed to newsletters or who had already refused to receive commercial offers,
- Use of personal data for unintended purposes, such as the sale of products or services to third parties,
- Lack of sufficient security measures to protect customers' personal data.
The sanction imposed on the Canal+ group by the CNIL illustrates the importance of compliance with the GDPR (General Data Protection Regulation) and how the Data Comply One platform (formerly Mission RGPD) could have helped avoid these sanctions by providing specific solutions for each breach.
THE ORIGIN OF CONTROL
Several complaints and reports from people worried about their rights being taken into account triggered the control. As a reminder, 43% of CNIL checks in 2022 came from complaints and reports.
THE CONTROL TYPE
It was an online control of the website, which means that if the Canal+ website had been compliant, certain additional complications could have been avoided. With Data Comply One (formerly Mission RGPD), they could have checked the compliance of their website and highlighted their commitment in this area with, for example, the GDPR Visa.
THE REASONS FOR THE SANCTION
The CNIL has noted several breaches of the GDPR, notably in the following articles:
Article 7 – Consent & Prospecting: Canal+ did not obtain the consent of individuals to receive commercial prospecting by e-mail (B2C). The Cookies and Consents functionality of the Data Comply One solution (formerly Mission RGPD) could have helped them meet this obligation.
Article 13/14 – Information of individuals: They failed in their obligation to properly inform individuals, with an incomplete confidentiality policy. Data Comply One (formerly Mission RGPD) offers solutions to remedy this, including the SOS Shelf life functionality and the Legal Resources and Templates.
Article 12/15 – Rights of individuals: There were breaches of the obligation to respect people's right of access, with insufficient responses to certain requests. Data Comply One (formerly Mission RGPD) offers features such as Personal rights, Automatic data identification and Automatic data deletion to help respect these rights.
Article 28 – Subcontracting: There was a breach of the obligation to regulate by contract the processing of data carried out by a subcontractor. Data Comply One (formerly Mission RGPD) offers tools to manage subcontractors, including the Audit of subcontractors and legal resources and contract models.
Article 32 – Data security: The storage of Canal+ employees' passwords was not sufficiently secure, which resulted in a failure to fulfill the obligation to ensure the security of personal data. Data Comply One (formerly Mission RGPD) offers an Audit to ensure compliance and a Cybersecurity diagnosis by Visiativ to go further.
Article 33 – Data breach notification: There was a breach of the obligation to notify the CNIL of a data breach. Data Comply One (formerly Mission RGPD) has the Incidents & Data Breach functionality to manage these situations.
The Data Comply One solution (formerly Mission RGPD)
Data Comply One (formerly Mission RGPD) has the solution to avoid each GDPR breach stated above.
With Data Comply One (formerly Mission RGPD), the Canal+ group could have prepared for an audit by the CNIL thanks to a practical sheet dedicated to this subject and to control simulations carried out during expert support.
In summary, Data Comply One (formerly Mission RGPD) is an all-in-one solution that brings together all the tools necessary to guarantee compliance with the GDPR and avoid such sanctions. Through effective compliance and ongoing monitoring, businesses can maintain compliance over time and avoid errors, breaches and non-conformities. This guarantees the tranquility and serenity necessary to comply with the rules that have been constantly evolving since the GDPR came into force in 2018.