CNIL fines
On January 5th, 2020, the CNIL, the French data protection authority, issued a fine for sales prospecting without consent. This comes as no surprise as the CNIL is one of the most active regulators in the EU.

The specific charge relates to the company sending thousands of emails without recipients’ consent. The CNIL outlined that recipients included individuals with account on the company’s website or application but had not made purchases. Additionally, the company targeted individuals whose data was collected through the internet.

Learn More: GDPR How OneTrust Helps 

The CNIL highlighted that the web form collecting personal data did not contain the required privacy information from the individuals. In addition to this, the company’s online privacy policy was also incomplete, too general, and imprecise. Furthermore, data processing information was not provided at all for those users that registered on mobile apps.

What should email marketers know about GDPR fines and compliance?

The GDPR provides data subjects with rights such as data portability, access, erasure or “right to be forgotten”, rectification, and more.  Additionally, marketers are held to high standards when processing personal data based on consent.

These standards for consent include: specific, clear, and in plain language, not buried in legal notices, not grouped with multiple notices, easy to withdraw, etc.

Organizations must be able to demonstrate that granular consent options were provided to the data subject.

Relevant GDPR Articles

How OneTrust Helps with GDPR Compliance 

OneTrust provides a consent management solution that can be embedded into the organization’s website, devices, and internal systems by capturing consent transactions in a standardized way. Making it easy for organizations to demonstrate consent individually to regulators. This also helps to provide data subjects with a list of all consents.

Next steps on CNIL Fines and GDPR Compliance: 

Further Reading on CNIL Fines and GDPR Compliance: