CNIL Fines KG COM for GDPR and Data Protection Act Violations

The CNIL (National Data Protection Commission) fined KG COM, a company offering clairvoyance readings by chat or phone, 150 000 euros for failing to comply with its obligations under the GDPR and the French Data Protection Act. Upon carrying out three investigations following a press reveal of the existing personal data breach, CNIL identified several infringements from KG COM, which include systematic recording of phone calls, collection of health data and information relating to sexual orientation without prior explicit consent , retention of banking data without providing an appropriate legal basis, failure to notify a data breach and rule violation in regards to cookie usages. The fine was calculated based on the number of infringements, sensitivity of collected data, and amount of affected individuals.