Following investigations at the French retailer and wholesaler, the French data protection authority has identified several breaches.
Data is stored too long!
Last year, the French data protection authority CNIL received several reports or complaints about the Carrefour Group. The CNIL took action in response. On-site inspections were carried out in May and July 2019. It was found that data was being stored for too long and that the information obligations under the GDPR were also being violated. A retention period of four years after the last purchase was practiced. According to the data protection authority, this is too long. The inspections revealed that the group of companies continues to store data from over 28 million former customers. This data comes from a bonus program, and the customers have not been active for at least five years. In some cases, data from more than five years was still stored. This was also the case for the carrefour.fr site, which has more than 750,000...
