The fine stands as a warning to organisations that would bend the rules set out by GDPR
The Information Commissioner’s Office (ICO) has hit Honda and Flybe with a combined £80,000 fine after the two companies were found to have sent marketing emails to customers without having consent in advance.
The ICO first led an investigation in 2016 that exposed that the budget airline Flybe had sent 3.3 million emails to customers who had actively opted to not receive such material.
A £70,000 has been issued to Flybe, and £13,000 to Honda.
The forceful response to the misdemeanour comes at a time when the value of data-privacy an extremely important issue. The General Data Protection Regulation (GDPR) outlines the possibility that an organisation can be hot with a fine amounting to up to four per cent of annual turnover.
This move also comes in light of the fast approaching GDPR initiative that is set to ramp up the regulation on data maintenance, control and retention.
Tim Dimond-Brown, head of EMEA North at GMC Software, had the following to say: “While most focus on the GDPR to date has been on security, these penalties from the ICO make clear that organisations need to answer much more basic questions on how they store customer data and actually communicate with customers. The right to privacy is a fundamental part of the GDPR; meaning that every single communication, and every process behind it, must be made with this in mind.”
Diamond-Brown said: “Businesses have a responsibility to communicate with their customers and inform them of the impact of the GDPR: but they also have a responsibility to do this in the correct manner. An unsolicited marketing email, which warns of upcoming changes to unsolicited marketing emails, is precisely the wrong way to do this. Instead, organisations should be able to communicate with customers in the right way, at the right time, over the right channel, safe in the knowledge that they have all relevant data to do this. For instance, automated systems that control how customer data is entered and shared could have prevented this; as would systems preventing non-compliant emails being sent in the first place.”