Storage period exceeded
During an inspection by the French data protection authority CNIL in 2019 at the AG2R LA MONDIALE group, a private insurance company from France, it was checked for the proper processing of customer data. The authority found data breaches on the insurance side. The company has violated the principle of storage limiting because data from millions of customers was stored for too long periods of time. Retention periods were defined by the insurance company, but they were not implemented in the software. As a result, the maximum retention period of three years was exceeded.
Entscheidungsdatum:
22.07.2021
Land:
France
Art des Verstoßes:
Illegal data collection
Betroffene Datensätze:
several million
Waren sensible Daten betroffen?:
Yes
verhängte Geldstrafe:
€ 1,750,000,-
Violation of GDPR Paragraph:
13. Information to be provided where personal data are collected from the data subject
14. Information to be provided where personal data have not been obtained from the data subject
5. Principles relating to personal data processing
Quelle:
CNIL's fine notice