France has hit an all-time document in notifications of private information breaches, up 79% from 2020, the most recent report of the nation’s information safety supervisor CNIL has discovered. EURACTIV France stories.
The 12 months 2021 was not easy crusing for CNIL, France’s information safety watchdog and guardian of the EU’s Normal Knowledge Safety Regulation (GDPR), in line with the most recent exercise report it offered on Wednesday (11 Could).
Over the previous 12 months, CNIL obtained 5,037 notifications of private information breaches – about 14 notifications per day – a 79% enhance in comparison with the 12 months earlier than.
The rise displays a higher consciousness of the duty to report on the a part of the businesses but additionally a rise in cyberattacks, CNIL President Marie-Laure Denis has stated, warning that the determine nonetheless falls “far below the reality” of the state of affairs.
Among the many notified information breaches, 58% are the results of pc assaults, notably ransomware – which noticed a 128% enhance in comparison with 2020.
The popular targets of those assaults are, unsurprisingly, small and medium-sized enterprises (43%) and really small enterprises (26%), as they’re “less well-armed than large companies in the face of this threat,” the French information watchdog defined.
In 2021, the CNIL was additionally lively in finishing up repressive measures because it despatched 135 formal notices to firms that result in 18 sanctions, half of which associated to poor information safety.
Due to its sanctions, CNIL cashed in a cumulative €214 million in fines, in comparison with solely €138 million the earlier 12 months.
CNIL’s president additionally expressed satisfaction with the cooperation with fellow EU information safety authorities. Of the 18 sanctions CNIL imposed in 2021, 4 have been carried out in shut collaboration with different information safety authorities as a part of the “one-stop-shop” method foreseen by the GDPR.
The report additionally pointed to CNIL having been consulted on 17 draft selections, together with one which led to a €225 million superb being imposed on Whatsapp.
“The mobilisation of the CNIL at the European level is not limited to the repressive level,” Denis informed journalists.
As a member of the European Knowledge Safety Committee (EDPS), the CNIL takes half in discussions on many EU legislative proposals, together with the Knowledge Act, the Digital Governance Act, the Digital Markets Act, the Digital Providers Act, and the AI Act.
“The CNIL has the legal and IT skills, as well as the experience, to play a leading role in the application of these texts,” the watchdog’s president stated, welcoming the “will of the EU to have a particularly active regulation on digital issues”.
Requested if the CNIL’s human and monetary sources would match the main function the watchdog is about to have in lots of of those EU information safety legal guidelines, Denis famous that there was “an awareness on the part of the public authorities of the importance of the CNIL’s missions”.
However “the fact remains that we are still very small compared to some of our counterparts”, she added, citing the instance of the UK and Germany.
The information watchdog additionally famous the efforts made to pave the best way for the successor of the controversial EU-US Privateness Protect, citing the EU Court docket of Justice’s Schrems II ruling, which primarily rendered information transfers underneath the Privateness Protect unlawful, and figuring out it as an “important area of work”.
On the most recent EU-US settlement on the Trans-Atlantic Knowledge Privateness Framework concluded in March, Denis stated it was, no less than in the interim, “an agreement in principle”.
This announcement “is a first step, but it is only a first step,” she added, noting that it doesn’t “modify at this stage the legal framework” for transfers and the place a number of EU authorities have adopted on Google Analytics.
“Discussions are still ongoing” however “we have never seen the beginning of a text on the subject,” she additionally stated.
[Edited by Zoran Radosavljevic]