Emily BarwellAs a data protection lawyer, I often seen companies push data retention or data deletion policies to the bottom of the list.
It's sometimes seen as less important, because customers don't typically see this.
However, a recent fine by the CNIL shows there are real risks in delaying and never quite getting round to it. 😬
In this instance, Discord (a popular chat platform for gamers 🎮) received a fine over 800,000 euros for:
❌ Not having a written data retention policy
❌ Not having specific retention periods or criteria for determining retention periods
❌ Failing to ensure data protection by default in the way the application sat in the background on Windows platforms
❌ Failure to ensure security by not setting strong enough password criteria
❌ Failure to carry out data protection impact assessments.
If you are a company dealing with customers in the EU or UK, there is no better time than now to be elevating data retention/deletion on your 'to do' list. ✔️
#dataprotection #dataprivacy #dataretention #datadeletion #dataprocessing #gaming #gamingnews #GDPR #UKGDPR
DISCORD INC. fined 800 000 euros
The context DISCORD is a voice over IP (technology that allows users to chat via their microphone and/or webcam over the Internet) and instant messaging service, in which users can create servers, text, voice and video rooms. The service is published by DISCORD INC, a company based in the United States.