The site did not have clear and specific information
Posted: Tue Jan 21, 2025 9:16 am
The inspection carried out by the Guarantor revealed that at the time of registration, the information on the platform did not contain any information regarding the processing of user data for the use of the services offered, nor information on the possibility of exercising the rights provided for by privacy legislation, including that of filing a complaint with the Guarantor.
Furthermore, the owner of the site did not have a specific Privacy Policy regarding the retention times of the processed data, limiting himself to randomly deleting the data of inactive accounts.
Read also “ What is a Privacy Policy and how to create one in compliance with the law ”
– The owner did not have a register of processing activities
In addition to not having a compliant Privacy Policy, the owner also did not chile phone number list comply with other requirements set out in the GDPR . The company, despite being required to:
He had not drawn up the register of processing activities,
He had not appointed a Data Protection Officer (DPO),
It had not prepared the data protection impact assessment (DPIA) required by the European Regulation.
The corrective measures imposed by the Guarantor
In light of the numerous violations found, the Guarantor fined the site 200,000 euros and ordered a series of corrective measures to comply with privacy legislation and to strengthen data security.
In particular, as reported by the Guarantor in its note, the company must:
identify retention periods for the personal information processed
delete user profiles whose retention period is excessive
draft the impact assessment
equip themselves with systems aimed at strengthening the security of customer data.
Furthermore, the owner of the site did not have a specific Privacy Policy regarding the retention times of the processed data, limiting himself to randomly deleting the data of inactive accounts.
Read also “ What is a Privacy Policy and how to create one in compliance with the law ”
– The owner did not have a register of processing activities
In addition to not having a compliant Privacy Policy, the owner also did not chile phone number list comply with other requirements set out in the GDPR . The company, despite being required to:
He had not drawn up the register of processing activities,
He had not appointed a Data Protection Officer (DPO),
It had not prepared the data protection impact assessment (DPIA) required by the European Regulation.
The corrective measures imposed by the Guarantor
In light of the numerous violations found, the Guarantor fined the site 200,000 euros and ordered a series of corrective measures to comply with privacy legislation and to strengthen data security.
In particular, as reported by the Guarantor in its note, the company must:
identify retention periods for the personal information processed
delete user profiles whose retention period is excessive
draft the impact assessment
equip themselves with systems aimed at strengthening the security of customer data.