Why the Garante’s €45K fine should be a wake-up call for marketers

What’s the true cost of ignoring email marketing compliance?

For noicompriamoauto.it, one of Italy’s well-known online car dealers, it was €45,000.

That’s the amount the Garante (the Italian data protection authority) fined the business for failing to comply with key privacy rules around email marketing.

The case serves as a cautionary tale for any organization using email to promote products (especially if your opt-in flows aren’t airtight).

But here’s the good news: this kind of penalty is completely avoidable.

Let’s take a closer look at what went wrong, what the Garante expects, and how iubenda can help you stay on the right side of compliance.

Firstly, what happened?

The Garante’s investigation was triggered by a user complaint.

The user said they’d received unsolicited promotional emails from multiple unknown third-party senders – all partners of noicompriamoauto.it. Worse still, when the user submitted a data subject rights request, it was ignored.

The Garante found that:

  • The company had no proper agreement in place with its advertising partners
  • There were no technical or organizational safeguards over how customer data was shared
  • There was no valid proof of consent for the marketing messages

In short: it was a recipe for non-compliance.

The Garante’s recommendation: Double opt-in is a minimum safeguard

Although Italian law doesn’t explicitly require double opt-in for promotional emails (DEM), the Garante made its stance clear in this case:

💡 Double opt-in is a best-practice safeguard that protects both users and businesses.

Here’s why double opt-in matters:

  • It asks users to confirm their subscription via a second step, usually an email link
  • It provides strong evidence that consent was freely and clearly given
  • It reduces the risk of spam complaints and misuse

That makes it one of the most effective tools for compliant email marketing.

How iubenda keeps your email marketing legally covered

🚀 Our Newsletter Opt-in Booster has double opt-in built in by default – so you don’t have to think twice.

With it, you can:

  • Embed GDPR-compliant opt-in forms with pre-configured legal language
  • Automatically log consent for full audit readiness
  • Seamlessly integrate with your favorite email marketing platforms – from Mailchimp to HubSpot

💡 It’s ideal for marketers, developers, and compliance professionals who want to grow their email list while staying compliant.

What about user rights?

The Garante case wasn’t just about consent – it also involved a delayed data subject request.

Under GDPR, users have the right to:

  • Request access to their personal data
  • Ask for that data to be deleted
  • Object to how their data is being used

And companies are required to respond within strict deadlines.

🚀 The Data Subject Requests Management Tool from iubenda helps you:

  • Receive and process user rights requests easily
  • Track all actions taken for compliance logs
  • Automate responses and task assignments within your team

The takeaway: Prevention is better than a €45,000 fine

This fine wasn’t the result of malicious intent. It was the result of a lack of process, oversight, and the right tools.

  • Proper consent
  • Double opt-in
  • User rights handling

These are essential safeguards every business needs.

👋 The good news? iubenda makes it easy to get these things right. Our tools are fast to set up, easy to use, and built to get you on the road to compliance.

Check your consent flows now

A few simple changes could save you thousands in fines and make your email marketing stronger in the process.
