In both cases, the brands have been penalised for sending marketing messages about communication preferences to customers who had previously opted out of engagement.
Flybe has been fined £70,000 for sending more than three million emails with an email titled ‘Are your details correct?’ and an offer of entry into a prize draw for those that updated their information.
In a separate investigation, Honda was fined £13,000 for sending 289,790 emails about preferences under the pretence that customers were receiving a customer service mailer in line with data protection law, however this was later disproved.
The two fines are significant in their relation to the hard line the ICO is taking in the build-up to General Data Protection Regulation (GDPR), set to come into enforcement in May 2018.
Steve Eckersley, ICO head of enforcement, said:
“Both companies sent emails asking for consent to future marketing. In doing so they broke the law. Sending emails to determine whether people want to receive marketing without the right consent is still marketing and it is against the law.”
“In Flybe’s case, the company deliberately contacted people who had already opted out of emails from them.”
“Businesses must understand they can’t break one law to get ready for another.”
“Any company unsure of the best way to prepare for the change in consent under GDPR should contact the ICO for advice.”
GDPR is becoming a key mandate for businesses as the deadline to compliance looms near. However, in a recent survey from the Chartered Institute of Marketing (CIM), it was found that a dichotomy exists in terms of the recognition of GDPR in businesses, and their approach to implementation.
Only 5% of marketers say they wholly understand what GDPR means for their business, whilst 50% say they don’t know anything about the regulation. Most concerning is that 16% do not think GDPR is relevant to them at all.
Severe penalties await businesses that do not comply - the fines for breaking the regulations are capped at €20 million or 4% of global turnover, whichever is higher.
Tim Dimond-Brown at GMC Software says the fines highlight that brands are yet to ask the right questions about how they store and communicate with customers about their data:
“The right to privacy is a fundamental part of the GDPR; meaning that every single communication, and every process behind it, must be made with this in mind. This means ensuring that in every part of the business, and across every channel of communication, data is being both entered correctly and shared across the organisation to ensure there is no opportunity for error.
“Businesses have a responsibility to communicate with their customers and inform them of the impact of the GDPR: but they also have a responsibility to do this in the correct manner. An unsolicited marketing email, which warns of upcoming changes to unsolicited marketing emails, is precisely the wrong way to do this.”
Chris is Editor of MyCustomer. He is a practiced editor, having worked as a copywriter for creative agency, Stranger Collective from 2009 to 2011 and subsequently as a journalist covering technology, marketing and customer service from 2011-2014 as editor of Business Cloud News. He joined MyCustomer in 2014.