firm news

Businesses must not risk breaking other laws in order to prepare for GDPR
31 March 2017

Recent fines issued by the ICO to Flybe and Honda Motor Europe, show that sending emails to individuals asking them to update their details and confirm their marketing preferences, does itself constitute direct marketing and must comply with the direct marketing laws. Businesses must ensure that, in their eagerness to prepare for the more onerous data protection requirements under GDPR, they are not breaching other laws.

Flybe and Honda may have believed that they were doing the right thing by getting their house in order to ensure that they comply with the more onerous standard for consent under the new General Data Protection Regulations but in doing so they have in fact breached another law, namely, the Privacy and Electronic Communications Regulations (PECR).

Flybe sent more than 3.3 million emails to people who had opted out of receiving marketing emails asking them to update their details and marketing preferences. In exchange for doing the update, people were given an option to be entered into a prize draw. The ICO found that Flybe had deliberately sent emails to people who had opted out and fined Flybe £70,000 for breaching PECR.

Honda Motor Europe sent 289,790 emails to customers requesting clarification of customers’ marketing preferences. Honda stated that these emails were customer service emails sent to help its compliance with data protection law. They were unable to demonstrate whether the customers had consented to receive direct marketing emails. Honda was fined £13,000.

The lesson to be learnt from this is that the ICO will interpret what constitutes “direct marketing” very widely.  Claims that emails requesting consent are “customer service emails” and arguments that sending such emails is necessary to future proof an organisation’s compliance with data protection law, are likely to fail. In the words of Steve Eckersley, ICO Head of Enforcement “Sending emails to determine whether people want to receive marketing without the right consent, is still marketing and it is against the law… Businesses must understand they can't break one law to get ready for another."

The ICO’s Direct Marketing Guidance is a valuable read for those businesses undertaking direct marketing. Be aware that it is not only GDPR that marketers need to be aware of and get to grips with. The marketing rules under PECR are also under review with plans for a new E-Privacy Regulation to come into force at the same time as GDPR. 

It is certainly a challenging time for marketers.

If you have any further questions please contact Sarah Williamson on [email protected].

Consistent with our policy when giving comment and advice on a non-specific basis, we cannot assume legal responsibility for the accuracy of any particular statement. In the case of specific problems we recommend that professional advice be sought.

award winning law firm

Boyes Turner are proud to have received the following awards and recognition.