The French data privacy regulator Commission nationale de l’informatique et des libertés (CNIL) has reportedly fined real estate marketplace website Sergic for GDPR failures.
A fine of €400,000 was given to the company for not maintaining and not limiting the storage of personal data, according to a report from the paypers. This is a hefty fine for the company as it represents 1 per cent of its yearly turnover.
An investigation into the company was conducted by the CNIL after it was found anyone on the Sergic website could access documents and files stored by other users including personal information. All a user needed to do to access the information was make simple alterations to the URL, the article said.
Information accessible in this manner included ID documents, death and marriage certificates, banking information, health cards, and social insurance cards, among other details.
Sergic is an online marketplace for the renting, buying and selling of property. Consumers can search for a variety of property types and living styles across 20 French cities.
This is not the first GDPR fine to be issued by the CNIL this year. The regulator recently fined Google €50m for a lack of transparency, information and effective consent around data.
Copyright © 2019 FinTech Global
