As the holidays approach, the mood in our companies oscillates between the haste to cut contact and the need to complete files. However, if there is one subject that does not take time off, it is data protection.
By 2026, the landscape has changed dramatically. The days when GDPR was seen as a simple administrative chore are over. With the arrival of Europe in the field of artificial intelligence (AI Act) and the tightening of CNIL controls, data management has become the thermometer of trust.
For us, entrepreneurs, the issue is no longer just legal. He is deeply human and managerial.
Cyberattacks and sanctions: The time to wake up has come
In recent months, the news has cruelly reminded us that the slightest flaw comes at a high price. The latest sanctions from the CNIL have had the effect of an electric shock in the French ecosystem.
- The Free affair: The regulator hit hard with a record cumulative fine of 42 million euros following a massive data breach.
- France Work: The public operator was fined 5 million euros after a major cyberattack.
- IQVIA: In the health sector, this data giant was fined 5 million euros for a lack of security of patient data.
What to remember: The CNIL no longer simply checks your legal texts. She wants technical proof. Multi-factor authentication (MFA), encryption, network partitioning and strict access management are now the minimum standard for every SME.
The 3 priorities of the CNIL for the start of the school year
If you’re taking advantage of the calm of summer to update your roadmap, keep an eye on the regulator’s calendar. For the end of the year, three sectors are particularly targeted:
1. Recruitment and HR
CV sorting practices are scrutinized. The CNIL tracks excessive retention periods for applications and the hidden use of algorithms to select profiles.
2. Sport and federations
In the wake of major events, the collection of licensees’ data (sometimes very sensitive, such as medical certificates) is subject to strict audits.
3. E-commerce and marketing
Via its simplified sanction procedure, the data policeman hunts down recalcitrant cookies – those where refusing tracking is an obstacle course – and abusive video surveillance of employees in their workplace.
Artificial Intelligence at the heart of management
The real challenge of the year lies in the rapid adoption of generative AI into our routines. How to increase productivity while remaining compliant?
This is the current paradox. Pressed by objectives, your employees use AI tools on a daily basis. The risk? That they inject, without any bad intention, customer data or commercial secrets.
The CNIL, which is finalizing its practical guides on AI, recalls an essential principle: humans must remain in control. An algorithm should never be a black box. If an AI helps evaluate an employee or guide a decision, you must be able to explain the logic.
Transform constraint into corporate culture
Faced with this avalanche of rules, we can quickly become discouraged. This can be seen as a barrier to innovation. But the most agile leaders make the opposite choice: they use it as an argument for confidence.
The secret to good compliance does not lie in fear of the police, but in pedagogy. Explaining to your teams why we protect data means promoting the company’s assets and respecting the privacy of your customers.
Before closing the offices for vacation, take an hour to educate your teams about good digital practices and the responsible use of AI. It is undoubtedly the best investment to spend a peaceful summer and prepare for a secure return to school.