Details:
| Summary | The French DPA (CNIL) has fined private insurer SGAM AG2R LA MONDIALE EUR 1,750,000. The CNIL had carried out an inspection at the AG2R LA MONDIALE group in 2019. On this occasion, the CNIL found that the controller kept the data of millions of individuals for an excessive period of time and did not comply with their information obligations in the context of telephone canvassing campaigns. With regard to the data of prospects, the controller did not comply with the maximum retention period of three years defined in the reference framework and in the Group’s processing register. As a result, the controller retained the data of nearly 2,000 customers who had not been in contact with the controller for more than three years, and in some cases five years. In relation to customer data, the controller did not comply with the maximum statutory retention periods stipulated in the Insurance Code and the Commercial Code. In this case, the controller retained the data of more than 2 million customers, some of which were sensitive (health) or specific (banking data), beyond the legally permitted retention periods after the end of the contract. |
| Link: | link |
| Related articles: | Art. 5 (1) e) GDPR, Art. 13 GDPR, Art. 14 GDPR |
| Type: | Non-compliance with general data processing principles |
| Fine: | EUR 1,750,000 |
| Sector | Finance, Insurance and Consulting |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/