The Information Commissioner’s Office (ICO) has fined Everything DM Ltd (EDML), based in Stevenage, £60,000 for sending 1.42 million emails without consent.
The investigation found that, between May 2016 and May 2017, the firm used its direct marketing system called ‘Touchpoint’ to send emails on behalf of its clients for a fee.
Those emails gave the impression they were sent by the clients directly, and EDML couldn’t prove that the recipients’ had ever given consent to receive marketing emails from its clients or itself.
The investigation revealed that EDML relied on the consent of third parties but didn’t take reasonable steps to make sure the data complied with the Privacy and Electronic Communications Regulations (PECR).
ICO Director of Investigations, Steve Eckersley, said:
“Firms providing marketing services to other organisations need to double-check whether they have valid consent from people to send marketing emails to them. Generic third party consent is not enough and companies will be fined if they break the law.”
The ICO has also served an Enforcement Notice on EDML requiring them to comply with PECR in the future.
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/