France: Issued ruling on PAP investigation regarding GDPR breaches

On 31 January 2024, the French Data Protection Authority (CNIL) issued a ruling against PAP, a company that operates the real estate website pap.fr, for violations of the General Data Protection Regulation (GDPR). The investigation, conducted in March and April 2022, revealed breaches related to data retention periods, data security, and subcontractor agreements. The CNIL imposed a fine of EUR 100'000 on PAP for these infringements. The decision was made in cooperation with the relevant European control authorities, as PAP's website has visitors from several European Union member states and Norway.