Following a complaint from a disgruntled recipient, the ICO’s investigation found that between October and November 2016, 200,000 emails entitled ‘Your Account Details’ were sent out inviting customers to amend their preferences so that they could start receiving news, points and coupons from Morrisons. Because these customers had previously opted not to receive Morrisons’ emails, this was deemed a serious breach of the Privacy and Electronic Communications Regulations (PECR).
The ICO’s Deputy Commissioner Simon Entwisle commented: “It is vital that the public can trust companies to respect their wishes when it comes to how their personal information is used for marketing. These customers had explicitly told Morrisons they didn’t want marketing emails about their More card. Morrisons ignored their decision and for that we’ve taken action.”
The real cost of data privacy
Although the ICO currently has the power to impose penalties of up to £500,000, under the proposed new General Data Protection Regulation (GDPR) a serious data breach could result in fines of up to €20 million or 4 per cent of turnover (whichever is greater). In 2016, the ICO imposed fines totalling £880,000; under GDPR this could soar to £69m, a catastrophe for most businesses.
To avoid this kind of disaster, it is essential that companies start preparing for the new GDPR laws now, before it is too late. PromoVeritas, who specialise in all aspects of promotional compliance and integrity, have already got ISO27001 High Level Data Security accreditation and are working with a number of their clients to ensure their protection. Join us at our complimentary ‘Be In The Know’ GDPR Breakfast Briefing on 12th July at Langan’s Brasserie, Mayfair, London. To find out more or reserve your place, email firstname.lastname@example.org.