CNIL Fines GROUPE CANAL+ €600,000 for Various GDPR and CPCE Violations

The French Data Protection Authority (CNIL) has fined GROUPE CANAL+ 600,000 Euros for breaching the General Data Protection Regulation (GDPR) and the French Post and Electronic Communications Code (CPCE). The company did not have valid prior consent from individuals to carry out commercial prospecting campaigns by electronic means and failed to provide information as required by GDPR. Additionally, the company's contract with its processor lacked appropriate information and storage of the company's employee passwords was not secure. Moreover, the CNIL discovered a security breach that wasn't reported. The fine amount was decided taking into account the breaches identified, as well as the cooperation and measures taken by the company to bring itself into compliance. Thus, GROUPE CANAL+ will have to pay a fine of 600,000 Euros as a punishment for the infringements.