On November 21, 2019, the French data protection authority (the “Commission Nationale de l’Informatique et des Libertés” or “CNIL”) imposed a €500,000 fine on Futura Internationale, a midsized French company, for serious infringements of the EU General Data Protection Regulation (the “GDPR”) in connection with cold calling campaigns.
The CNIL sanctioned Futura Internationale for, inter alia, failing to provide adequate information and effectively implement current and prospective clients’ opt-out requests, as well as recording excessive comments about them. The French authority also found that Futura Internationale failed to provide sufficient safeguards to enable the international transfers of data to call centers located outside of the European Economic Area (the “EEA”). While this enforcement action is not unexpected as it relates to infringements of essential provisions of the GDPR, it sheds an interesting light on the CNIL’s expectations that companies implement and demonstrate effective measures to comply with the GDPR.
Read the full post on the Cleary Cybersecurity and Privacy Watch blog here.