|On August 5, 2020, the French Data Protection Authority (CNIL) has announced its decision to impose a €250,000 fine on Spartoo SAS for violating multiple provisions in the GDPR. |
Principle of transparency under article 5(1)(a) mentions, all the processing of the personal data should be lawful, fair and transparent to the individuals. This principle of transparency necessitates that any exchange of information related to the handling of all of these personal data be readily available and easy to understand,
Principle of data minimisation under Article 5(1)(c) outlines, that the data collected and processed should not be retained or further used unless this is essential for reasons that were clearly stated in advance to support data privacy,
Principle of storage limitation under Article 5(1)(e) states, that the personal data should only be obtained for specified, explicit and legitimate reasons of course and not further analysed. Personal data may be stored for longer periods but solely for archiving purposes in the public interest, scientific or historical research purposes,
Obligation to implement appropriate technical and organisational security measures under Article 89 (1), ensures the protection and freedoms of the individuals.
CNIL discovered that Spartoo retained the data for longer than was necessary under article 5(1)(e) of the GDPR. Also, failed to abide by the obligation to inform under article 13 of the GDPR, and failed to take adequate measures to ensure the security of data as required by Article 32 of the GDPR.
Act swiftly to review the practices of your businesses and inspect the handling of personal information within your organisation email and file data. Waterford Technologies is on hand to help you develop and implement a compliant retention environment for your email and file data.
Contact our Sales team now or request a free demo to see how Waterford Technologies can help your organisation with their data retention management for GDPR and numerous other global data protection legislation.