Posted on 4 April, 2017Flybe and Honda have just been fined by the ICO for flouting data protection rules
New research reveals that nearly half of UK companies are not compliant with the 1998 Data Protection Act, let alone being anywhere near ready for the introduction of GDPR next year.
This latest study comes in the wake of two large brands being fined by the ICO for contacting customers that were off limits.
Flybe was found to have sent more that 3.3 million emails to people that had opted out of communications asking them if their details were correct. The airline was fined £70,000 for breaching Privacy and Electronic Communications Regulations (PECR).
And Honda was found to have sent almost 300,000 to customers asking them for permission to contact them. They were fined £13,000.
Both organisations were prospecting for future consent (probably in advance of GDPR) but by doing so contravened the PECR. What this shows is that the ICO is taking a hard stance on compliance and organisations will have to put more emphasis on their data management and processing, including permissions, storage and suppressions. We have recently been in contact with the ICO to clarify the role of suppression in GDPR and will be able to advise on this in due course.