France’s data protection authority, the Commission nationale de l'informatique et des libertés, fined legal service provider Infogreffe 250,000 euros for violating the EU General Data Protection Regulation. An investigation found alleged violations of data retention requirements under Article 5(1)(e) of the GDPR and data security obligations under Article 32. The CNIL found 25% of Infogreffe users had their data held by the website beyond the stated 36-month period.
13 Sept. 2022
CNIL issues 250K euro fine over data security, retention violations
RELATED STORIES
Notes from the IAPP Canada: DPAs to gather for 46th Global Privacy Assembly
Presidential election 2024: Where the candidates stand on privacy and AI governance policy
A view from DC: US government builds AI governance through policies, panels and procurement
Ontario IPC's Transparency Challenge submissions showcase personal data utilization
Notes from the Asia-Pacific region: Facial recognition in focus for NZ