France’s data protection authority, the Commission nationale de l'informatique et des libertés, fined legal service provider Infogreffe 250,000 euros for violating the EU General Data Protection Regulation. An investigation found alleged violations of data retention requirements under Article 5(1)(e) of the GDPR and data security obligations under Article 32. The CNIL found 25% of Infogreffe users had their data held by the website beyond the stated 36-month period.
13 Sept. 2022
CNIL issues 250K euro fine over data security, retention violations
RELATED STORIES
Privacy in Arkansas: Is Arkansas ready for a consumer privacy law?
A view from DC: CFPB calls for states to regulate financial privacy
Notes from the IAPP Canada: OPC's WADA investigation 'raises some interesting issues'
A view from Brussels: European Commission's new tech policy center of gravity
First fine imposed under Thailand's Personal Data Protection Act
