The Information Commissioner’s Office has issued a £60,000 fine to Stevenage-based Everything DM Ltd, a marketing company selling email marketing services.
The company, between May 2016 and May 2017, sent non-consented emails to 1.42 million clients without due regard for recipient opt-in consent.
The ICO released a statement: “Firms providing marketing services to other organisations need to double-check whether they have valid consent from people to send marketing emails to them. Generic third party consent is not enough and companies will be fined if they break the law.”
The ICO investigation revealed that by relying on third-party consent, i.e. buying email addresses with a presumed consent guarantee, and more importantly failing to verify the consent parameters by contacting the email base before commercial usage, the company fell foul of the Privacy and Electronic Communications Regulations (PECR) data compliance laws.
The ICO argues that companies need to verify consumer email data and to make sure they adhere with PECR and GDPR before allowing commercial usage.