France's data protection authority, the Commission nationale de l’informatique et des libertés, announced a 1.75 million euro fine against multinational insurer AG2R La Mondiale for violating data retention provisions under the EU General Data Protection Regulation

Sanction of 1.75 million euros against AG2R LA MONDIALE
July 22, 2021
The restricted CNIL formation sanctioned SGAM AG2R LA MONDIALE for failing to comply with the GDPR obligations relating to retention periods and information to individuals.

The CNIL carried out an inspection in 2019 with the AG2R LA MONDIALE group. This aimed to verify the compliance of the treatments implemented within the framework of its mission of managing the supplementary pensions of employees of the private sector as well as of its insurance activity.

On this occasion, the CNIL noted that the Mutual Insurance Group company AG2R LA MONDIALE (SGAM AG2R LA MONDIALE), in charge of coordinating the insurance activity of provident insurance, dependency, health, savings and supplementary retirement of the group, kept the data of millions of people for an excessive period of time and failed to comply with information obligations in connection with canvassing campaigns.

On the basis of these elements, the restricted formation - body of the CNIL responsible for pronouncing the sanctions - considered that the company had breached two fundamental obligations provided for by the GDPR. It thus imposed a fine of 1,750,000 euros and decided to make its decision public.

The restricted committee also took note of the compliance measures adopted by the company concerning the limitation of the retention period and the information of individuals.