In a wake-up call for companies, the French Data Protection Regulator (CNIL) has shown that it is necessary to both technically and contractually ensure the security of personal data. The CNIL has imposed a €50,000 pecuniary sanction on Optical Center (which forms part of the elevated sanctions imposed by the CNIL) and has released its decision publicly. The fine was imposed because the company did not put into place measures to ensure the security and confidentiality of its clients’ data, and the contract signed by the company with
one of its service providers did not contain a clause specifying the service provider’s obligations in terms of security and confidentiality of clients’ data.
CNIL Decision (in French)