The specific charge relates to the company sending thousands of emails without recipients’ consent. The CNIL outlined that recipients included individuals with account on the company’s website or application but had not made purchases. Additionally, the company targeted individuals whose data was collected through the internet.
Learn More: GDPR How OneTrust Helps
What should email marketers know about GDPR fines and compliance?
The GDPR provides data subjects with rights such as data portability, access, erasure or “right to be forgotten”, rectification, and more. Additionally, marketers are held to high standards when processing personal data based on consent.
These standards for consent include: specific, clear, and in plain language, not buried in legal notices, not grouped with multiple notices, easy to withdraw, etc.
Organizations must be able to demonstrate that granular consent options were provided to the data subject.
Relevant GDPR Articles
- Conditions for Consent – Article 7
- Transparent Information, Communication, and Modalities for the Exercise of the Rights of the Data Subject – Article 12
- Information to be Provided Where Personal Data are Collected from the Data Subject – Article 13
How OneTrust Helps with GDPR Compliance
OneTrust provides a consent management solution that can be embedded into the organization’s website, devices, and internal systems by capturing consent transactions in a standardized way. Making it easy for organizations to demonstrate consent individually to regulators. This also helps to provide data subjects with a list of all consents.
Next steps on CNIL Fines and GDPR Compliance:
- Watch the webinar to learn the top three things email marketers should keep in mind when it comes to GDPR compliance, CNIL enforcements, and building trust with your audience.
- Connect with a OneTrust team member to request a demo or learn more about how we can help you demonstrate consent and ensure compliance.
Further Reading on CNIL Fines and GDPR Compliance:
- OneTrust Resource: GDPR Compliance – Operationalize Privacy and Automate Record Keeping
- DataGuidance News: France: CNIL issues €20,000 fine
- Regulatory Guidance: CNIL: Press release and decision (available only in French)