The Italian supervisory authority, the Garante, has issued a fine of €16.7m to a company for conducting a number of unlawful marketing-related data processing activities. Such activities included failing to obtain recipients' consent prior to sending them marketing communications, and publishing incorrect information in its privacy notices which in turn meant that recipients could not exercise their right to withdraw from receiving such marketing communications or object to the processing of their personal data for marketing purposes. Both of which they have the right to do under the GDPR.
This decision by the Garante shows that supervisory authorities are getting serious about data protection violations related to marketing and are starting to exercise the powers granted to them under the GDPR to a fuller extent.
Make sure you have the correct marketing consents before sending your next communication and always allow recipients of your marketing communications to exercise their rights.