Show all guides
Europe
GDPR

French regulator fines Optimove €1 million for GDPR violations

Last update:
Dec 11, 2025

France’s data protection authority (CNIL) fined marketing analytics company Optimove €1 million for GDPR violations related to its role as a data processor. The case stemmed from a large-scale security incident that exposed personal data processed on behalf of clients, raising questions about processor accountability under EU data protection law.

The regulator found that Optimove failed to implement adequate technical and organizational measures to protect personal data and did not sufficiently define responsibilities with its customers. CNIL stressed that GDPR obligations apply fully to processors, not only to controllers, and that companies handling large volumes of behavioral and customer data must ensure robust safeguards are in place.

The decision reinforces regulators’ growing focus on data processors and the security obligations that accompany access to large-scale consumer data ecosystems.

The full guidelines can be found
here

Related Guides

UK ICO fines LastPass £1.2 million after 2022 breach affecting 1.6 million UK users

December 4, 2025

The UK ICO fined LastPass £1.2 million for insufficient security measures following a 2022 data breach that affected approximately 1.6 million UK users.
Europe
GDPR

WhatsApp Fined €5.5 Mil for GDPR Violations

January 23, 2023

The popular Meta messaging app is fined for similar GDPR violations other Meta products' Terms of Services have incited.
Europe
GDPR
The information provided on this website does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available on this site are for general informational purposes only