France: Adopted CNIL guidance on commercial management and unpaid debts management

On 3 February 2022, the National Commission on Informatics and Liberty (CNIL) issued two new standards on data processing in regards to commercial activities and the management of unpaid debts. The two standards provide organisations with guidance on how to identify and apply the principles of the General Data Protection Regulation to the processing of data in their commercial activities and the management of unpaid debts. The first standard provides a framework for data processing for the identification of people that have unpaid debts to ban them from making other transactions. The second standard outlines specific guarantees that have to be implemented in the management of unpaid bills, such as information retention in regards to the signing of the contract and the sending date of invoices, and data deletion if a debt was regularized.