The NS Cards France case: How to avoid GDPR fines?  

Find out how NS Cards France could have avoided sanctions thanks to Data Comply One (formerly Mission RGPD)

GDPR fine of 105,000 euros for an SME  

 

⏭ The context

NS CARDS FRANCE is a company that publishes the neosurf.com website and the "Neosurf" mobile application, which allow users to make online payments after registering for the service.

At the end of 2021, the CNIL carried out two inspections of the company. During its investigations, it noted shortcomings concerning the retention periods for user account data, the information provided to individuals, data security, and the way cookies and trackers were placed on users' devices.

Consequently, the restricted committee (the CNIL body responsible for imposing sanctions) imposed two fines on NS CARDS FRANCE:

  • a fine for breaches of the General Data Protection Regulation (GDPR). This fine was decided in cooperation with 17 European counterparts of the CNIL under the one-stop-shop mechanism, as the website has visitors in several member states of the European Union as well as Norway.
  • a fine for the breach relating to the use of cookies and trackers (Article 82 of the Data Protection Act). In this case, the CNIL is competent to act alone.

In order to determine the amount of the sanction, the CNIL took into account the nature of the breaches, the negligence shown by the company, the categories of personal data (including banking data), the number of people concerned and the financial situation of the company.

💶 Sanctions imposed

The CNIL imposed a sanction of 105,000 euros on NS CARDS FRANCE for non-compliance with the rules on cookies and trackers as well as for several breaches of the GDPR concerning data retention periods, the information provided to individuals and data security.

Here are the shortcomings:

❌ Retention periods

The CNIL noticed that user data was kept for an indefinite period.

❌ Privacy policy

The privacy policy of the site and application was incomplete, outdated and available only in English.

❌ Data security

In addition, the passwords were not complex enough and 50,000 passwords were kept in plain text, in a file, and associated with users' emails. The risks of data leaks were therefore high.

❌ Cookies

Finally, Google Analytics and reCAPTCHA cookies were placed on users' devices without their consent.

 

Solutions to avoid these shortcomings with the all-in-one Data Comply One platform (formerly Mission RGPD)

✅ SOS retention periods  

Use "SOS retention periods" in your virtual assistant to consult the retention periods recommended by the CNIL.

✅ Legal resources, GDPR Visa and Expert Support

Inform your application and website users using our "Website privacy policy" template, available in legal resources. By validating your GDPR visa with your expert, you ensure that your information is complete and your cookie banner meets the expectations of the CNIL.

Find out how to avoid GDPR sanctions with Data Comply One (formerly Mission RGPD)
