Security breaches

Security breach, data violation: when and how to notify the CNIL? Do you have to inform the persons concerned? Cabinet FÉRAL can help you.

Controllers and processors must define and implement appropriate technical and organisational measures to ensure the security of personal data processed.

To this end, they must assess the risks of destruction, loss or alteration, or unauthorised disclosure of personal data and, in the event of a security breach, assess whether it is likely to result in risks for the persons concerned. Cabinet FÉRAL assists you in this assessment and in the necessary steps to be taken with the CNIL and, if necessary, in the communication to be made to the persons concerned.

If necessary, Cabinet FÉRAL’s lawyers can call on the services of technical experts in computer security, as well as crisis communication advisors to help you manage this situation.

In the event of a CNIL inspection or sanction procedure, our team will assist you in responding and defending your interests.

Recent experiences

1. Assistance to a firm of liberal professionals victim of a ransomware to notify the data breach to the CNIL and to carry out the appropriate communication actions with the persons concerned;

2. Assistance to a company in the health sector, in the context of a data breach linked to an emailing error, in notifying the CNIL of the breach and carrying out the appropriate communication actions with the persons concerned;

3. Assistance to a video content hosting platform victim of a cyber-attack within the framework of the CNIL’s control and sanction operations in order to obtain a significant reduction in the amount of the financial penalty proposed by the CNIL’s rapporteur.

Latest publications

Close this search box.
Close this search box.