CNIL (France) - SAN-2025-014
Content
The Data Protection Authority has imposed a fine of 1 million euros on a data processor for failing to delete user personal data, processing that data for purposes that conflict with contractual agreements, and failing to maintain a register of processing activities. The Data Protection Authority has imposed a fine of €1,000,000 on a data processor for failing to delete user personal data, processing that data for purposes that conflict with contractual agreements, and failing to maintain a register of processing activities.
In summary (in English):
Finally, the Data Protection Authority found that the data processor violated Article 30 of the GDPR because it did not maintain a register of processing activities and because it did not provide the name and contact details of the data protection officer of the controller. Finally, the Data Protection Authority found that the data processor violated Article 30 of the GDPR because it did not maintain a register of processing activities and because it did not provide the name and contact details of the data protection officer of the controller. Therefore, the Data Protection Authority...
This content has been automatically translated using machine translation. The original version is available in the source language.
This content was automatically translated using machine translation. The original version is available in the source language.