Fine of 150 000 euros imposed by the French Supervisory Authority on KG COM for failure to comply with its obligations under the GDPR and the French Data Protection Act
The National Center for Personal Data Protection (NCPDP) reports, for information and application purposes, the fine of 150 000 euros imposed by the French Supervisory Authority (CNIL) on KG COM for failure to comply with its obligations under the GDPR and the French Data Protection Act.
KG COM operates several websites to offer its customers clairvoyance readings by chat or phone. Following the publication of a press article in 2020 revealing the existence of a personal data breach involving the company, the CNIL carried out three investigations into KG COM.
Following the investigations, CNIL found several violations, such as:
- Failure to minimise the personal data collected and used (Article 5.1.c GDPR)
- Failure to have a legal basis for the use of banking data (Article 6 GDPR)
- Failure to obtain prior consent to the collection of special categories of data (Article 9 GDPR)
- Failure to ensure data security (Article 32 GDPR)
- Failure to notify the CNIL of data breaches (Article 33 GDPR)
- Breach of the obligations related to the use of cookies (Article 82 of the French Data Protection Act)
Consequently, the CNIL imposed two fines on KG COM:
- a fine of 120 000 euros for infringements of the GDPR. This fine was imposed in cooperation with the CNIL's European counterparts (Belgium, Luxembourg, Italy, Spain, Portugal, Bulgaria, Berlin and Ireland) within the framework of the one-stop shop procedure, as KG COM has customers and prospects from several Member States of the European Union;
- a fine of 30 000 euros for non-compliance relating to the use of cookies (Art. 82 of the French Data Protection Act).
In order to determine the amount of the fine, the CNIL took into account the particularly high number of infringements of the data protection rules, the sensitivity of the personal data processed (health data, information relating to sexual orientation) and the number of data subjects.
The NCPDP, as the national supervisory authority for personal data processing, emphasizes the responsibility of personal data controllers to comply with the provisions of the legal framework on personal data protection and to ensure that personal data processing operations are in accordance with the legislation in force.