News

The e-health sector is going through a major crisis with the massive intrusion suffered by Cegedim Santé, jeopardizing the personal data of nearly 15 million French patients. While medical records have become the priority target of cybercriminals on the dark web, this flaw highlights the fragility of digital medical infrastructures. This analysis deciphers the mechanisms of the attack, the risks of the supply chain (supply chain risk) and the concrete protection measures to be deployed to restore trust between practitioners and patients.

The month of March 2026 marks a turning point in digital governance with the forced convergence between cybersecurity, data protection and the regulation of artificial intelligence. Between the historic condemnation of Meta, the adoption of the Resilience Law transposing NIS 2 and DORA, and the official designation of the CNIL as the supervisory authority for the IA Act, compliance officers must now unify their processes. This summary analyzes systemic threats and regulatory changes to transform your obligations into performance drivers.

February 2026 marked a turning point with the designation of the CNIL as the supervisory authority for the AI Act, the launch of the first NIS2 audits and a record sanctions record of 486 million euros. Between critical cyberattacks (UNSS, Cegedim) and new requirements on EHDS or the marking of content generated by AI, the convergence between cybersecurity and data protection is becoming an operational obligation. This analysis analyzes the 9 pillars that are redefining compliance for businesses and public organizations.

In 2026, autonomous AI social networks are turning data protection into an algorithmic security challenge. These spaces, where humans become spectators of exchanges between language models, mask major risks of cognitive manipulation, data poisoning and model reversal. Compliance can no longer be limited to the management of data flows, but must uncover the human intentions behind each interaction to ensure information sovereignty and compliance with the GDPR in the face of the AI Act.

The Data Privacy Framework (DPF), adopted in July 2023, is the third attempt to secure data transfers between Europe and the United States. It establishes a level of protection deemed “substantially equivalent” through new redress mechanisms like the DPRC. However, this adequacy only applies to certified organizations and remains vulnerable to the US Cloud Act and future legal challenges from Max Schrems. To ensure lasting compliance, encryption and Standard Contractual Clauses (SCCs) remain the strongest technical and legal protections.

Wearable AI, illustrated by devices like the Friend.com necklace, captures data from those around us continuously. This evolution poses the challenge of third party AI consent, as voice is personal data protected by the GDPR. Compliance is based here on transparency, respect for the right to object and rigorous management of data processed outside of any prior framework (Shadow AI).

The role of the DPO is changing following the gradual entry into force of the Digital Omnibus (DSA, DMA, Data Act) and the AI Act. These texts require organizations to move from traditional GDPR compliance to a global data and AI governance strategy. The DPO is becoming a strategic player that must guarantee algorithmic transparency, data interoperability and the classification of AI systems according to their level of risk. The challenge for 2026 is the integration of compliance by design to prevent sanctions and transform these regulatory challenges into competitive advantage.

The recent viral advertising by InterMarché illustrates the power of emotion in digital marketing, but this success should not make us forget the major challenge of protecting personal data. Today, every digital interaction — from watching a commercial on social networks to browsing a site — involves the collection of information. For brands, consumer trust is no longer based solely on the quality of content, but also, and above all, on transparent and responsible management of their data, in line with the GDPR. Combining a strong message and respect for confidentiality is now the real guarantee of success in a hyper-connected world.

The Digital Omnibus, a European legislative project, aims to group and simplify digital texts, but could change pillars of the GDPR, the e-Privacy Directive and the AI Act, creating risks of weakening digital rights. For DPOs and Compliance Managers, it is crucial to anticipate these changes in the definition of personal data, legitimate interest and the processing of sensitive data in order to immediately strengthen governance and secure GDPR compliance.

Shadow AI — the unauthorized use of artificial intelligence tools within an organization — poses a critical threat to compliance with both the GDPR and the EU AI Act. Identifying hidden AI usage, establishing clear governance, and promoting responsible innovation are essential steps to turn this invisible risk into a driver of secure, compliant, and controlled innovation.

La vidéosurveillance algorithmique associée à l’IA transforme le contrôle et la sécurité dans l’espace public et privé, mais sa conformité au RGPD et à l’IA Act est essentielle pour protéger les libertés publiques, encadrer les algorithmes, limiter la conservation des données et garantir transparence et traçabilité.

In September 2025, GDPR news was marked by record sanctions from the CNIL, the entry into force of the Data Act, the validation of the Data Privacy Framework and new obligations for companies in terms of data, AI and transparency.

Complying with the GDPR is a challenge for all businesses. A dedicated RGPD software allows you to automate your legal obligations, centralize the management of personal data and significantly reduce the risks of sanctions.

The geolocation of children is attracting more and more parents concerned about safety, but it also raises legal and ethical risks. Between protection and surveillance, the legal framework (RGPD, CNIL) and sociological issues make it possible to understand where to put the limit to protect without locking in.

The NIS 2 directive reinforces cybersecurity obligations in Europe. Find out who is affected, what is changing in practice and how to effectively prepare for it.

Europe's dependence on U.S. digital services costs €264 billion a year and undermines its sovereignty. With extraterritorial legal influence, industrial backwardness, and economic short-termism, building sustainable digital autonomy requires a leap of faith.

Alors que le Data Privacy Framework devait rétablir un cadre de confiance entre l’Europe et les États-Unis, sa stabilité est aujourd’hui remise en question. Des membres du Privacy and Civil Liberties Oversight Board, garant clé de ce dispositif, ont été poussés à la démission, fragilisant un accord déjà critiqué pour sa base juridique instable. À l’approche d’un potentiel bouleversement politique aux États-Unis, l’Europe peut-elle encore s’appuyer sur un système aussi précaire pour protéger les données de ses citoyens ?

Alors que la directive NIS II entrera en application en octobre 2024 et que l’IA Act approche, les organisations doivent anticiper les impacts croisés de ces réglementations avec le RGPD. En combinant sécurité des systèmes, protection des données et gestion des risques, elles renforcent leur conformité globale et préparent une gouvernance numérique responsable et alignée sur les exigences européennes.

In an exclusive interview for Inspir', the Medef magazine, Angélique de Tourtier d'Adequacy shares her expertise on the GDPR, SMEs and the key role of the DPO. Learn about his powerful and compelling answers, and understand why GDPR compliance is critical for your business.

La CJUE a invalidé le Privacy Shield, remettant en question les transferts de données personnelles entre l'UE et les États-Unis. Découvrez les implications de cette décision pour les entreprises et comment garantir la conformité au RGPD, notamment via les clauses contractuelles types pour les transferts hors UE.

Le Privacy Shield est-il menacé ? Découvrez comment les transferts de données personnelles vers les États-Unis pourraient être interdits et quelles alternatives existent pour assurer la conformité RGPD face aux évolutions légales.

Because you should never live on your laurels, the Infhotep team in charge of the protection of personal data successfully passed the DPO certification at AFNOR Certification during the first session.

The Bouygues Group chooses Adequacy to support its GDPR compliance. Find out how the Infhotep solution helps Bouygues SA and its subsidiaries meet data protection requirements while supporting the innovation and personalization of their services.

Adequacy and Fair&Smart join forces to strengthen GDPR compliance. Together, they offer centralized management of user rights and consent, ensuring optimal data protection and a trusting relationship with customers.