French CNIL fines company EUR 500.000 fine for GDPR breach

CNIL, France’s data protection authority, fined 500,000 euros the company Futura Internationale for violations of the EU General Data Protection Regulation (GDPR). The company is a French SME specializing in thermal insulation of private buildings, and infringements related to the company’s direct marketing voice-to-voice calls. According to Hunton, the breach to the GDPR related to its failure to comply with the individuals’ objection to the processing of their personal data for direct marketing; the recording of excessive comments on specialised software; not providing sufficient notice regarding the recording of phone calls and data processing;  failing to cooperate with the CNIL; and failing to implement appropriate data transfer mechanisms for the data transfers to non-EU call center providers.