
CNIL 2024 annual report: key figures, trends and lessons learned


An unprecedented 2024 report for the CNIL

On April 29, 2025, the CNIL published its 2024 annual report, and the figures speak for themselves: the regulation of personal data has never been so active.

➡️ 331 corrective measures,

➡️ 87 sanctions imposed,

➡️ And more than 55 million euros in fines imposed on public and private organizations.

This spectacular increase in the number of decisions confirms that GDPR compliance is now a strategic issue.

Explosion of complaints and data breaches

In 2024, the CNIL recorded:

  • 17,772 complaints (+8% compared to 2023),
  • Including 49% linked to telecoms, the web and social networks,
  • And 5,629 data breach notifications, an increase of 20%.

The attacks were not only more numerous, but also on an unprecedented scale, with massive data leaks affecting millions of French people.

1/3 of the sanctions concern a breach of the data security obligation.

GDPR sanctions: record fines and reinforced controls

The year 2024 marks an all-time high:

  • 87 sanctions (compared to 42 in 2023),
  • €55,212,400 in fines,
  • 180 formal notices,
  • And 321 checks carried out (166 on site, 99 online, 44 document-based, 12 by hearing).

The trend is clear: the CNIL is taking action, and companies must strengthen their GDPR compliance practices.

The rise of DPOs in France

The DPO (Data Protection Officer) remains a key element in any GDPR strategy.

In 2024:

  • 103,602 organizations had designated a DPO,
  • Which represents 36,777 DPOs (internal or external).

At Data Comply One (formerly Mission RGPD), we support DPOs using our GDPR software to effectively manage compliance. We also support companies and organizations that do not have a DPO with our outsourced DPO support.

Cybersecurity, AI and protection of minors: the main priorities 2025-2028

The CNIL has drawn up its roadmap:

  • Supervise generative artificial intelligence,
  • Protect minors in their digital use,
  • Strengthen cybersecurity,
  • And better regulate mobile applications and digital identity.


Accelerate your compliance with Data Comply One (formerly Mission RGPD)

The numbers are clear: in 2024, non-compliant organizations paid dearly.
The breaches sanctioned include:

  • The absence of a processing register,
  • Failure to respect people's rights,
  • Security vulnerabilities,
  • And the absence of a designated DPO.

With our all-in-one solution, you can accelerate and ensure compliance easily:

  • Automate your compliance with our GDPR software
  • Get support from our DPO experts, or outsource the DPO role to them
  • Raise awareness among your teams with our GDPR e-learning training


Assess your situation in 15 minutes with our free, no-obligation GDPR self-diagnosis.
