Polish marketing agency fined €47.000
- Failed to provide users with an easy way to revoke their consent
- Breached the principles of transparency and fairness in processing
- Violated the right to be forgotten
- Processed personal data without a lawful basis
- Failed to implement appropriate measures under article 24 (responsibility of data controller)
Withdrawal of consent must be as easy as giving consent
Processing without a legal basis
4 tips to avoid the same fine
- Be sure to collect and process your users’ data properly. You must have a lawful basis that is either consent (most probably) or legitimate interest (it can be proven).
- Be transparent and inform your users what data you collect, process, for how long, and who else has access to the data (third-party providers).
- Provide your users with an option to decline the processing of their data and offer them an easy way to revoke their consent.
- Citizens in the EU have the right to be forgotten. You must be able to delete all data on your users if required.