1. Available at: www.cnil.fr/fr/gestion-commerciale-et-gestion-des-impayes-la-cnil-lance-une-consultation-publique-sur-les-futurs 2. Available at: www.cnil.fr/sites/default/files/atoms/files/referentiel-gestion-commerciale.pdf 3. Available at the following address: www.dataguidance.com/opinion/france-cnil-standard-processing-personal-data-purpose-debt-management In addition, the CNIL has found that the processing must be objectively necessary for the execution of the contract. CNIL has indicated that the processing must not satisfy the controller`s purposes other than the performance of the contract and that, therefore, the need should not be assessed on the basis of the form of the contract, but on the basis of the objective of the treaty and the common agreement between the parties. In addition, the CNIL stated that in the event of termination of the contract or infringement, the data retained by the controller must then be deleted on the basis of Article 17 of the GDPR. The standard states that personal data can generally only be accessed to authorized employees with respect to their roles and access profiles. Where data controllers appoint a processor, the agreement between the responsible authority and the processor must highlight the responsibilities of the processors referred to in Article 28 of the GDPR.