In this issue:
- January 28, 2025: 19th anniversary of Data Protection Day
- CNIL (National Commission for Information Technology and Civil Liberties): The 4 key recommendations for 2025 - Are you concerned?
- Telephone canvassing prohibited without consent! The National Assembly strikes hard
- Credential Stuffing - Are your credentials in danger?
- Abusive surveillance of employees: €40,000 fine!
- AI hallucination phenomenon: Beware of false truths!
- DeepSeek: Chinese AI already banned in Europe! Why and what are the consequences?
- Is your company using AI? 3 steps to RIA compliance
- Resource of the month: Adopting AI without risk - A practical guide
- Replay webinar AI & GDPR - Everything your company needs to know!
1. January 28, 2025: 19th anniversary of Data Protection Day
Since 2006, this day has marked the international commitment to data protection, in homage to the 1981 Council of Europe Convention 108, the first treaty on digital privacy.
Its aim? To raise public and corporate awareness of the crucial issues of data security and protection in an increasingly connected world.
2. AI, minors, cybersecurity, mobile apps: The CNIL (National Commission for Information Technology and Civil Liberties) goes on the offensive for a safer digital world
On January 16, 2025, the CNIL (National Commission for Information Technology and Civil Liberties) unveiled its 2025-2028 strategic plan with a clear objective: to strengthen personal data protection in the face of digital challenges. Here are the 4 priorities that will impact businesses and citizens alike.
Artificial intelligence: the French are worried
- 79% of French people are wary of generative AI.
- 62% see it as a threat to their data.
→ The CNIL (National Commission for Information Technology and Civil Liberties) wants an ethical and secure framework to guarantee responsible AI.
Protecting our children online: an absolute priority
- 67% of children aged 8 to 10 are already on social networks
- 1 in 4 families has been affected by cyberbullying.
→ The CNIL (National Commission for Information Technology and Civil Liberties) demands secure platforms suitable for minors, with greater awareness among parents.
Cybersecurity: Alarming figures
61% of French people were victims of cyberattacks in 2024 (hacking, fraud, viruses).
→ The CNIL (National Commission for Information Technology and Civil Liberties) is stepping up its actions to prevent cyberthreats and secure digital tools right from the design stage.
Mobile applications and digital identity: our lives under surveillance
- The average French person spends 3.5 hours a day on their smartphone.
- 30 applications are downloaded per person every year.
→ Objective: guarantee privacy-friendly practices and put the user back at the center of decision-making.
These measures will have an impact on companies, digital platforms and all users. Anticipate these changes now to remain compliant and protect the data of your clients, employees and partners.
3. BtoC: National Assembly votes to ban cold calling without consent
On January 28, 2025, the French National Assembly adopted a shock measure: a total ban on BtoC telephone canvassing without consent. A direct response to the failure of the Bloctel system.
The text, adopted unanimously, still has to be validated by the Senate. Stay tuned, we'll keep you informed of the next steps!
What does this mean for your company?
✔ BtoC: No more unsolicited calls! You must now obtain prior consent from individuals before any telephone prospecting.
✔ BtoB: No change, telephone canvassing remains authorized without prior consent.
4. Credential Stuffing - Are your credentials in danger?
Two major French e-commerce brands were recently targeted by a Credential Stuffing attack.
- Showroomprivé: The attack was stopped in time thanks to responsive and effective security measures.
- Kiabi: The brand was less fortunate: 20,000 accounts were compromised, exposing names, contact details and IBANs!
How does it work? Attackers take breached databases containing e-mail/password pairs and automatically test them on various sites (e-commerce, social networks, online platforms).
Their objective? Data theft, financial fraud and identity theft.
Don't let your credentials become a gateway for cybercriminals!
5 ways to protect yourself
- Activate multi-factor authentication (MFA).
- Use unique, complex passwords.
- Detect and block suspicious connections.
- Limit connection attempts to counter bots.
- Make your teams aware of good cybersecurity practices
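To make "detect and block suspicious connections" concrete, here is an added example (not part of the original newsletter) that flags a source address trying many different accounts with mostly failed logins inside a short window, then lists the accounts it did get into. The log format, the thresholds and all sample data are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds, to be tuned to your own traffic: within WINDOW, one source
# trying >= MIN_ACCOUNTS distinct accounts with >= MIN_FAIL_RATIO failed logins.
WINDOW = timedelta(minutes=5)
MIN_ACCOUNTS = 5
MIN_FAIL_RATIO = 0.8

def parse(line):
    """Parse 'ISO-timestamp source-ip account OK|FAIL' (constructed log format)."""
    ts, ip, account, result = line.split()
    return datetime.fromisoformat(ts), ip, account.lower(), result == "OK"

def detect_stuffing(lines):
    """Return {ip: time of first detection} for sources matching the pattern."""
    recent = defaultdict(deque)          # ip -> attempts inside the sliding window
    flagged = {}
    for ts, ip, account, ok in sorted(parse(l) for l in lines if l.strip()):
        q = recent[ip]
        q.append((ts, account, ok))
        while ts - q[0][0] > WINDOW:     # drop attempts older than the window
            q.popleft()
        accounts = {a for _, a, _ in q}
        failures = sum(1 for _, _, good in q if not good)
        if (ip not in flagged and len(accounts) >= MIN_ACCOUNTS
                and failures / len(q) >= MIN_FAIL_RATIO):
            flagged[ip] = ts
    return flagged

def accounts_to_reset(lines, flagged):
    """Accounts with any successful login from a flagged source: treat as compromised."""
    hits = (parse(l) for l in lines if l.strip())
    return sorted({a for _, ip, a, ok in hits if ok and ip in flagged})

# Constructed sample: 203.0.113.7 cycles through accounts and finally gets in,
# 198.51.100.4 is one user mistyping a password, 192.0.2.10 is a shared office IP.
SAMPLE = (
    [f"2025-02-01T10:00:{2*i:02d} 203.0.113.7 user{i}@example.com FAIL" for i in range(6)]
    + ["2025-02-01T10:00:12 203.0.113.7 user6@example.com OK"]
    + [f"2025-02-01T10:01:{10*i:02d} 198.51.100.4 gina@example.com FAIL" for i in range(3)]
    + [f"2025-02-01T10:02:{5*i:02d} 192.0.2.10 staff{i}@example.com OK" for i in range(6)]
)

if __name__ == "__main__":
    found = detect_stuffing(SAMPLE)
    print(found, accounts_to_reset(SAMPLE, found))
```

Counting distinct accounts rather than raw failures is what separates this pattern from a single user retrying a forgotten password, and the failure ratio keeps a busy shared address from being blocked.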
5. Abusive surveillance of employees: €40,000 fine for a real estate company!
On December 19, 2024, a real estate company was sanctioned by the CNIL (National Commission for Information Technology and Civil Liberties) for excessive surveillance of its employees. The case, revealed on February 4, 2025, sends a clear message: employee surveillance must comply with the law, or face heavy penalties.
The company had set up:
- Continuous video surveillance: cameras filming image and sound, including in break areas. Worse still, managers had real-time access via a mobile application.
- Spyware on computers: installed without employees' consent, it recorded their activity. An inactivity of 3 to 15 minutes could even lead to... a salary deduction!
Serious shortcomings pointed out by the CNIL (National Commission for Information Technology and Civil Liberties):
- No information to employees on the existence and use of these tools.
- Inadequate data security, exposing personal information.
- No Data Protection Impact Assessment (DPIA) to assess risks to employee rights.
The company was fined €40,000.
The call to order is clear: monitoring, yes, but not in just any way! A company must guarantee transparency, proportionality and respect for rights, on pain of heavy penalties.
6. AI hallucination phenomenon: Beware of false truths!
Are you familiar with this phenomenon?
Artificial intelligence has a surprising peculiarity: rather than admitting it doesn't know, it invents an answer.
How is this possible? It has to do with the way it works, which is based on probability calculations and not on a true understanding of meaning or verification of facts.
The result? One answer may seem credible... but isn't really!
A reminder of good practice when using AI
- Ask for sources: Information without a source? Beware! Always check that the AI cites reliable references.
- Cross-referencing information: Reliable data needs to be confirmed by several independent sources. Don't rely on a single answer.
- Keep a critical eye: Analyze coherence, spot contradictions and be alert to possible biases.
AI is a tool, not an absolute truth! Always use it with care and discernment.
7. DeepSeek: Chinese AI already banned in Europe! Why and what consequences?
On January 27, 2025, a new player in generative AI entered the scene: DeepSeek, a Chinese AI with ambitions to rival ChatGPT... but at 96% less cost ($6 million vs. $2.85 billion for OpenAI). An impressive competitive advantage, but at what price?
But as soon as it was launched, DeepSeek was already at the heart of a major scandal... A massive leak of sensitive data was revealed: logs, private conversations, API keys... In other words, a catastrophe for user confidentiality!
Blatant non-compliance with the GDPR
- Total opacity: No clear information on the nature, source or purpose of the data collected.
- Illegal data transfer: Storage on Chinese servers, with no guarantee of protection, exposing users to massive surveillance.
- Lack of consent: DeepSeek collects and processes data without users' explicit consent, a direct violation of the GDPR.
Italy responds immediately
- DeepSeek banned from the App Store and Play Store in less than 48 hours.
- The GPDP (Italian equivalent of the CNIL (National Commission for Information Technology and Civil Liberties)) demands explanations within 20 days.
- A high risk of penalty, similar to the 15 million euro fine imposed on OpenAI last December.
Subcontracting companies: Beware of your technological choices!
Avoid using American or Chinese tools to develop your functionalities. Your clients won't take the risk of having their data transferred without their consent and will prefer GDPR-compliant providers.
At Dipeeo, we go beyond GDPR compliance. We support you in your technological choices to transform GDPR into a true business ally for your company.
8. Is your company using AI? 3 steps to RIA compliance
The Artificial Intelligence Regulation (AIR), in force since August 1, 2024 across the EU, imposes strict rules to frame the use of AI. Don't miss out: follow these 3 key actions to avoid sanctions.
1. Identify your AI systems
Identify all the AI tools used in your company: recommendation, internal management, AI assistants... Nothing should be left to chance.
2. Classify your AIs according to their level of risk
Each AI must be assessed to determine which obligations apply.

3. Meet your RIA obligations
- General-purpose AI: Inform users and keep a record of activities.
- AI at risk in terms of transparency: Inform users.
- Minimal-risk AI: No obligation.
- High-risk AI: Perform an AI Impact Analysis (AIIA), inform users and keep a log of activities.
- AI at unacceptable risk: strict ban, immediate halt to development and use.
A few tips to help you meet your obligations:
✔ Add your AI systems to your processing register (already required by the GDPR).
✔ Update your privacy policy and information systems charter to clearly inform your users.
✔ Need help? Call on Dipeeo to carry out a full impact analysis, assess the risks of your high-risk AI and demonstrate your compliance.
9. REPLAY: AI and GDPR - What your company absolutely needs to know
- Are you integrating AI to boost your performance?
- Are your teams already using AI tools without a regulated framework?
- What are the risks for data protection and GDPR compliance?
Get ahead of the game: discover how to master GDPR issues related to AI and explore a GDPR AI solution.