A newspaper JDSupra informed about recent activities of French authorities regarding the GDPR:
“The French Supervisory Authority (CNIL) wrapped up 2020 with a EUR 20,000 fine against NESTOR, a French food preparation and delivery company catering to office employees (see full decision here in French). The CNIL highlighted various breaches of the General Data Protection Regulation (GDPR) 2 and the ePrivacy Directive regarding the processing of prospects and clients’ personal data by the CNIL, most notably:
- The lack of prior consent of the prospects to receiving direct marketing communication by electronic means, thereby violating Article L.34-5 of the French Post and Electronic Communications Code (CPCE);3
- The failure to properly inform individuals4 whether:
- Upon the creation of their account on the company’s platform, or
- Upon indirect collection through external sources;
- The failure to properly address Data Subjects’ Access Requests (DSAR).5″
To see the complete article follow this link