This is interesting..
CASE 1 FLYBE
If you read the Flybe case you can see it was obvious they were going to get a fine!
Information Commissioner’s Office (ICO) found Exeter-based airline Flybe deliberately sent more than 3.3 million emails to people who had told them they didn’t want to receive marketing emails from the firm
CASE 2 HONDA
The Honda case it more interesting. They were emailing people to update their records in readiness for GDPR!
Honda Motor Europe Ltd had sent 289,790 emails aiming to clarify certain customers’ choices for receiving marketing.
I suspect it is OK to email “exiting customers” where you used to have an opt-out and now want to have an explicit opt-in. That surely reflects a desire to move from the old (Data Protection Act) to the new (GDPR).
Because of their failings in the past Honda could not evidence that the emails they were using to ask people about Consent were lawfully gained in the first place. So if your existing data-base isn’t OK under Data Protection Act you cannot use it to make it better for GDPR.
I think what is clear is that you should not tie GDPR updates to any promotions or marketing, because clearly at that point it ceases to be an information update and instead becomes junk-mail.
I am curious how others interpret this decision.
There are businesses and charities who are – right now! – emailing people to ask “...please can we continue to use your data, and if so please [opt-in] so we can be sure to get it right or never bother you again if you dont…”