SERGIC
€400K($432K USD)final
Date Issued
2019-05-28
Regulation
Authority
French Data Protection Authority (CNIL)
Country
France
Violation Type
Failure to implement sufficient measures to ensure information security
Currency
EUR
Violation Summary
The company was fined because of two reasons – the complete lack of security measures, and excessive data storage. Regarding the former reason, personal data, including health cards, IDs, divorce judgments, and account statements were available online with no authentication procedure. Moreover, the company breached the data storage deadline it had in place and kept clients’ data for more than it should have.
Articles Violated
Art. 32 GDPR