Honda Motor Europe (HME) were fined by the Information Commissioner's Office (ICO) on 20th March 2017 for a breach of data protection laws in marketing. Honda were warned they could receive a fine of up to £500,000. Honda were fined £13,000.00. As of May 2018, with the new General Data Protection Regulation (GDPR), these fines will increase to up to 4% of a company's worldwide turnover.
HME sent 289,790 emails to customers seeking to clarify the customer’s choice for receiving marketing emails. HME said that they believed the emails were not marketing emails but were customer service emails to help the company comply with data protection laws in clarifying customers’ choices for receiving marketing.
HME couldn't provide evidence that the customers had ever given consent to receive emails of the type that were sent, and that was a breach of the Privacy and Electronic Communications Regulations (PECR), under which a company must show how it has obtained consent (we will not go into details here but can send information if you require it).
In HME's case, HME received the customer details from their authorized dealers, through their website, and during promotional events where customers could sign up on completion of a disclaimer form relating to activities at the event.
Each dealer is a separate legal entity but they are expected to comply with data protection laws and adhere to these. The customer’s data is input to the HME database by the dealers. The relevant consents are recorded on the database; however, completion of the preferences field was not mandatory and dealers had not completed these in some cases.
HME sent out the emails but it was not clear on what basis they had consent to do so.
They sent the emails to those who had previously indicated some form of marketing consent but again it was not clear what the preferences were.
It was decided by the Information Commissioner that, although this was not deliberate action on the part of Honda, this was negligent action on the part of Honda because they knew or ought to have known that there was a risk that data protection laws would be contravened.
If you are conducting marketing activities, now is a good time to review your marketing practices in time to put in measures to help you assess data risk and implement data compliance before the new GDPR comes into effect; you may then be faced with subject access requests or, worse still, investigations.
Nath solicitors are specialists in advising businesses on the new GDPR and can help you with your marketing assessment and activities to ensure data risk assessment and compliance is in place before the new GDPR is implemented.
The above is not legal advice but is intended as a guide; if you require further information please do not hesitate to contact us.