In its decision of January 27, 2021, the CNIL’s Restricted Committee has just sanctioned a data controller and its data processor for lack of security. The CNIL’s decisions, although not public, are increasingly severe with regard to data processors, who can no longer escape administrative fines.
Focus on the evolution of the role and responsibility of the data processor.