The Supreme Administrative Court of Poland has issued a verdict confirming that making marketing calls to clients after they have revoked their consent contravenes the General Data Protection Regulation (GDPR). This ruling arose from a case where a bank attempted to contact a customer with a marketing offer just one day after she had withdrawn her consent through the bank's electronic services. The customer reported the bank to the President of the Personal Data Protection Office (UODO), arguing that her personal data was unlawfully processed after she had already opted out of marketing communications.

In defending its actions, the bank claimed that it was processing the customer’s personal data in connection with the contract for her bank account, citing provisions of GDPR that allow data processing for contract fulfillment. However, the customer contested this argument, asserting that her previous withdrawal of consent should prevent any further marketing attempts. Furthermore, the bank admitted that the situation stemmed from a failure in internal communications regarding the processing of the customer's data.

The court's decision underscores the importance of consent within the framework of the GDPR and serves as a reminder for businesses to ensure that their marketing practices comply with current data protection laws. The ruling may prompt financial institutions and other companies to review their data handling procedures, particularly regarding obtaining and respecting client consent, to avoid similar violations and potential legal repercussions in the future.