Iliad Group’s French telecoms unit Free was fined €300,000 for breaches of GDPR rules, after customers complained of difficulties in accessing and controlling the information held about them.

The Commission Nationale de l’Informatique et des Libertes (CNIL) stated Free had breached obligations around users’ rights of access to personal data, to have details erased and ensure information was secure.

CNIL conducted an investigation spanning two years following customer complaints dating to 2019 over difficulties in managing their information.

It claimed the operator had also been lax regarding passwords, citing mishandling in Free’s systems and a lack of procedures when communicating with users over their details.

CNIL warned the company will face “a penalty payment of €500″ per day if it fails to settle the fine within three months.