GDPROtherHigh Severity

Tertiary Sector Company

€3,500,000

Authority

CNIL

Country

France

Date Issued

December 30, 2025

Industry

Other

Summary

The Tertiary Sector Company was fined €3.5 million by CNIL for multiple GDPR violations including inadequate data security measures, failure to obtain proper consent for cookies, lack of transparency in data processing, and failure to conduct required impact assessments. The company failed to process personal data lawfully and did not properly inform data subjects of their rights.

Violation Types

SecurityConsentTransparency

Articles Violated

View original enforcement decision

Related Enforcement Actions

Meta Platforms Ireland

DPC · GDPR · May 22, 2023

€1.2B

Amazon Europe Core

CNPD · GDPR · July 16, 2021

€746M

X Corp

DPC · GDPR · December 1, 2023

€550M

Meta Platforms Ireland

DPC · GDPR · September 5, 2022

€405M

Meta Platforms Ireland

DPC · GDPR · January 4, 2023

€390M

Avoid enforcement risk with automated compliance

IQWorks helps organizations automate GDPR compliance before regulators come knocking.

Talk to an Expert