On 7 October 2020, the French DPA (”CNIL”) published guidance on the set of measures the companies should implement in order to ensure compliance with data protection requirements when keeping customer data registers. The recommendations focus on minimizing the amount of data, ensuring purpose limitation and limited disclosure of data, deletion of data after 14 days and ensuring the confidentiality of data.
The recommendations may be accessed here (only in French).
