According to the International Association of Privacy Professionals (IAPP), the French data protection authority, CNIL, has announced a 250,000 euro fine against retailer Spartoo for violations of the EU's GDPR. An investigation into the handling of customer and employee data has revealed Spartoo violated data minimization principles and retention periods while failing to meet GDPR obligations to ensure data security and inform individuals.