seers-logo-1.svg
BOOK A DEMO
START FREE
gb.svg
seers-logo-1.svg
open-menu-icon

£224,000 Fine for Leading Online Retail Store

CNIL

French shoe retailer: Spartoo SAS has been guilty of GDPR violations. The French regulator: CNIL has imposed a whopping £224,000 fine on the retail store for the infringement of GDPR. The EU supervisory authorities have also been a part of this investigation along with the CNIL.

Need_a_DPO

Located in France, Spartoo SAS is one of the leading brands within the European online shoe retail market. After the GDPR implementation, the French Data Protection Authority (the CNIL) launched an on-site investigation of Spartoo.

The CNIL ruled out its verdict on 28 July 2020, on the basis of not one, but four different infringements of the GDPR. Spartoo is expected to appeal the CNIL’s decision within two months.

The power held by the CNIL is sanctioned by the law under GDPR Article 56, whereby the supervisory authority of the main or single establishment of a data controller is competent to act as the lead supervisory authority for the cross-border processing carried out by that controller.

Spartoo is based in France and operates 16 retail websites for customers in 13 EU Member States along with operations and sales in the UK.

The CNIL found that Spartoo was in violation of the following provisions of the GDPR:

  • Data minimization under Article 5.1(c)
  • Storage limitation under Article 5.1(e)
  • Right to be informed (transparency) under Article 13
  • Security of processing under Article 32

The fine was calculated on the basis of the financial information provided by the company. This fine is approximately 0.1% of Spartoo’s annual global turnover, which like many other lenient fines is well below the 4% maximum limit set by GDPR Article 83.

The factors that influence the decision of the value of the fine were:

  • Most of the violations existed prior to the GDPR
  • The high-risk nature of some data (in particular bank details)
  • The number and severity of the infringements without a legitimate purpose or adequate information
  • The number of data subjects impacted

Any company worried about the transition period for Brexit in the UK can benefit from a free 30-minute consultation with a leading privacy expert on the Seers platform. Our experts are ready and equipped to advise on various essential components of GDPR compliance, as well as, Brexit readiness and fulfilling EU/ UK Representative obligations.

You can book your 30 min free consultation here.

Need_a_DPO

seers-logo-1.svg

Office

United Kingdom
24 Holborn Viaduct
London, EC1A 2BN

info@seersco.com

Facebook Linkedin-in Twitter Youtube

About Us

Products

Resources

footer-bg-graphics.svg

The ultimate

guide to GDPR

Avoid the legal reprimands, plan and protect your business now.
Here’s what you need to know in a nutshell.
Know More
icoceplusbadge.svg
chambers.svg
wcag2.1AA-blue-v.png
google-consent-mode.svg
child-privacy-consent.svg
wordpress-rating.svg
joomla-rating.svg
magento-rating.svg
capterra-rating.svg
get-app-rating.svg
software-rating.svg
Trustpillot-rating.svg
google-rating.svg
Seers Group © 2023 All Rights Reserved
Terms of use | Privacy policy | Cookie Policy | Sitemap