Furniture Store Fined Under GDPR For Failing To Delete Personal Data

Odia Kagan
Fox Rothschild LLP
Contact
LinkedIn
Facebook
X
Send
Embed

Fox Rothschild LLPIf you retain personal data indefinitely, or have not given thought to your retention schedule – now may be the time to take another look.

The Danish Data Protection Authority has fined a furniture store 200,000 EUR for failure to delete personal data, not having a data retention schedule and not adequately documenting its personal data deletion procedures in violation of GDPR requirements for deleting data no longer necessary for the purpose.

The inquiry revealed that in certain of of the chain’s furniture stores, an older system retained information about approximately 385,000 customers’ names, addresses, telephone numbers, e-mails and purchase histories , with no planned schedule for deletion. The Danish authority held that “Determining when the collected and registered personal data are no longer needed for the purposes for which they are processed, and thus when the information is to be deleted from the systems, is the first and most basic step towards establishing correct and functioning personal data deletion procedures.”

Read the full decision by the Danish DPA.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Fox Rothschild LLP | Attorney Advertising

Written by:

Fox Rothschild LLP
Fox Rothschild LLP
Contact
more
less

Fox Rothschild LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide