Close this search box.
AI-based solution designed to automate personal data discovery and classification
Discover personal data across multiple systems in the cloud or on-premise
Harbor cooperation between DPO, Legal Services, IT and Marketing
Turn data subject request into an automated workflow with a clear insight into data every step of the way
Collaborate with stakeholders and manage DPIA and LIA in real-time with Assessment Automation
Guide your partners trough vendor management process workflow
Identifying the risk from the point of view of Data Subject
Quickly respond, mitigate damage and maintain compliance
Consolidate your data and prioritize your relationship with customers
Privacy portal allows customers to communicate their requests and preferences at any time
Introducing end-to end automation of personal data removal

Latest Blog posts

Learn the terms

General Data Protection Regulation

Here you can find the official content of the Regulation (EU) 2016/679 (General Data Protection Regulation) in the current version. All Articles of the GDPR are linked with suitable recitals.

Latest papers

French DPA imposes €300,000 GDPR fine on FREE MOBILE

CNIL imposes a €300,000 GDPR fine on FREE MOBILE

On December 28, 2021, French data protection authority, the Commission nationale de l’informatique et des libertés (CNIL) imposed a €300,000 GDPR fine on FREE MOBILE, for failing to provide appropriate security measures for the protection of personal data and to respect the rights of individuals. 

After receiving multiple complaints from the individuals about difficulties they have encountered when wanting to exercise their GDPR rights– the right to access their personal data, and the right to object to receiving commercial offers and messages, CNIL conducted an on-site investigation.

Results of the investigation

The investigation revealed that the FREE MOBILE did not respond to data subject access requests within the legal time limit, thus violating Article 12 and Article 15 and failing to respect the right to object to the processing (Article 12 and Article 21).

Additionally, CNIL discovered that the mobile operator continued to send invoices to the individuals for subscriptions that had been canceled and did not implement the concept of data protection by design (Article 25).

The company also transmitted users’ passwords in clear text by email when users subscribed to an offer. These passwords were not temporary and the company did not require them to be changed by the user.

Therefore CNIL found this to be a violation of Article 32 and the obligation to ensure the security of personal data.

You can read the entire decision in French.

Request a Data Privacy Manager demo

Let us navigate you through the Data Privacy Manager solution and showcase functionalities that will help you overcome your compliance challenges.

Scroll to Top