Administrative sanctions:
The CNPD may impose administrative fines pursuant to Article 83 of the General Data Protection Regulation (EU) 2016/679 (GDPR), in addition to - or instead of - other corrective measures, depending on the circumstances of each individual case.
The CNPD may also impose on the controller or processor a penalty of up to 5% of its average daily turnover in the previous financial year, respectively during the last financial year closed, as long as such controller or processor does not communicate information requested by the CNPD pursuant to Article 58(1)(a) GDPR, or as long as such controller or processor does not abide by a corrective measure adopted by the CNPD pursuant to Article 58(2)(c)-(j) GDPR.
Criminal sanctions:
The CNPD may impose criminal sanctions (an imprisonment of eight days or a fine of between EUR 251 and EUR 125,000) against anyone who knowingly prevents or hinders the performance of the CNPD's missions.
Others:
In the context of its tasks set out in the law dated 1 August 2018, reference A686, article 8, the CNPD has the following powers:
- to obtain from controllers and/or processors access to all personal data processed and all information necessary for the performance of its tasks;
- to issue warnings to a controller or a processor that planned data processing operations are likely to infringe provisions adopted pursuant to the law dated 1 August 2018 on the protection of natural persons with regard to the processing of personal data in criminal and national security matters;
- to order the controller or processor to bring processing operations into compliance with the provisions adopted pursuant to the law dated 1 August 2018 on the protection of natural persons with regard to the processing of personal data in criminal and national security matters, where appropriate, in a specified manner and within a specified period, in particular by ordering the rectification or erasure of personal data or restriction on processing in accordance with Article 15 of the law dated 1 August 2018 on the protection of natural persons with regard to the processing of personal data in criminal and national security matters;
- to impose a temporary or definitive limitation, including a ban, on processing;
- to advise the controller in accordance with the prior consultation procedure referred to in Article 27 of the law dated 1 August 2018 on the protection of natural persons with regard to the processing of personal data in criminal and national security matters;
- to issue, on its own initiative or on request, opinions to the Chamber of Deputies (Chambre des Députés) and its Government or other institutions and organisations as well as the public, on any question relating to personal data processing.
Social Media cookies collect information about you sharing information from our website via social media tools, or analytics to understand your browsing between social media tools or our Social Media campaigns and our own websites. We do this to optimise the mix of channels to provide you with our content. Details concerning the tools in use are in our privacy policy.