The CNIL has sanctioned the AG2R La Mondiale group for violating data retention provisions under the EU General Data Protection Regulation.

In 2019, the CNIL carried out an inspection in 2019 to verify the compliance of processes implemented within the framework of its system of managing the supplementary pensions of employees of the private sector as well as of its insurance activity. 

The CNIL discovered that the Mutual Insurance Group company AG2R La Mondiale kept the data of millions of people for an excessive period of time and failed to comply with information obligations in connection with canvassing campaigns. 

Subsequently, the body of the CNIL responsible for pronouncing sanctions considered that the company had failed to meet two fundamental obligations provided by the GDPR:

  • A breach of the obligation to limit the retention period of data (article 5.1.e of the GDPR)
  • A breach of the obligation to inform individuals (articles 13 and 14 of the GDPR)

Subsequently, a fine of 1,750,000 euros has been imposed. 

Missed PrivSec Global’s livestream experience?

No problem, simply CLICK HERE to access the sessions on demand