The French Supervisory Authority (CNIL) applied a €500,000 fine on BRICO PRIVÉ for several infractions of the GDPR. Following three inspections conducted between 2018 and 2021, CNIL found that this company fail to comply with the storage limitation principle (article 5(1)(e) GDPR) and its transparency, information, and data security obligations (articles 5(1)(a), 13 and 32 of the GDPR, respectively). Moreover, CNIL also found BRICO PRIVÉ has failed to comply with data subjects’ requests as per article 17 of the GDPR. Besides the GDPR, the company was unable to comply with other French laws that govern electronic communications.
https://www.cnil.fr/fr/sanction-de-500-000-euros-lencontre-de-la-societe-brico-prive