French DPA fines phone operator for various violations of the GDPR

10. January 2023

After receiving several complaints , in November 2022, the French Data Protection Authority (CNIL) decided to impose a fine of 300.000 Euros upon the French phone operator FREE for several violations of the rules contained in the GDPR.

In particular, findings included violations of:

  • Article 12 and 21 GDPR, regarding transparent communication on how the data subjects can exercise their rights, in particular the right of erasure.
  • Article 15 GDPR, regarding the right of access by the data subject.
  • Article 32 GDPR, regarding the security of personal data.
  • Article 33 GDPR, as FREE did not comply with the obligation to document a personal data breach.

As a consequence of these findings, CNIL decided to impose a fine upon FREE, with an order to comply with the GDPR’s rules regarding the management of access and erasure requests and to justify this compliance within three months from the decision, with an additional fine of 500 Euros for each day overdue.

Category: Data Protection · EU · French DPA · GDPR
Tags: , ,