Email marketing – do your due-diligence or get fined
The ICO has released details about an investigation and enforcement action they have taken against a number of companies involved in email marketing. This is a complex case which involved a company promoting their services and a number of email list suppliers. The relationship between these companies is complicated but there was no clear contractual relationship between the various parties, and a lack of evidence of due diligence by the company promoting their services, the aggregator, and the list providers.
The moral of the story is that due diligence is vital. You must ensure that you have contracts with any suppliers, have completed appropriate checks before you sign such contracts, and that you have completed ongoing due diligence. You must be able to produce an audit train of the contracts / checks / due diligence if asked and demonstrate that you have taken all reasonable steps to protect the rights of the data subjects involved.
This case resulted in a huge fine. You can see the details here.
If any of this sounds like you then give us a call to discuss. Due diligence is not complicated you just need to make sure you do it.
Good luck all.
As GDPR effect is growing day by day and a lot of companies are affected, we would like to present
ICO published the next chapter of the Anonymisation guidance draft : Anonymisation, pseudonymisation and privacy enhancing technologies guidance
How to ensure anonymisation is effective? The ICO is calling for views on its updated draft gui
A lot of companies are receiving SAR's almost every day. Not all of the SAR's are relevant and a lo