We use cookies to track usage of our site. Details of these can be found on our Cookie Policy. You may choose to decline all tracking cookies, but if you do some key features may not work as expected.

2022-05-25
Legal Articles

Updating consent to receive marketing emails in preparation for the GDPR: be careful!

Home / Knowledge base / Updating consent to receive marketing emails in preparation for the GDPR: be careful!

Posted by Claire Halle-Smith on 17 May 2017

Claire Halle-Smith Legal Director
Sign up for updates

Share article

In order to become GDPR compliant, many organisations are facing the job of checking whether they hold GDPR-compliant consent to send marketing emails to individuals. To prepare for the introduction of the GDPR in May 2018 some organisations have sent emails to their database to check that marketing consents are up to date. However, recent fines from the ICO have highlighted some potential risks involved.

On 27 March this year the ICO fined both Honda and Flybe for sending emails to their customers to ask for confirmation of their contact details and marketing preferences.

Flybe sent an email to 3.3 million people asking ‘Are your details correct?’ The email asked recipients to update their details and marketing preferences for the chance to be entered into a prize draw.

The problem with the Flybe email was that it was sent to people who had previously refused or withdrawn their consent for email marketing.

This was in breach of current data protection law. The ICO made clear that emails sent for the purpose of updating marketing preferences are still sent for the purpose of direct marketing so require prior consent.

Flybe were fined £70,000 after an initial warning from the ICO which was ignored.

Honda sent an email to over 300,000 customers who did not have marketing preferences set (either because they were incomplete or had never been recorded). The purpose of the email was to ask these customers whether they did want to receive marketing communications.

The ICO similarly confirmed that any email sent to verify consent for direct marketing is in itself direct marketing. As such, the organisation sending the email must already have consent in place. Unknown marketing preferences cannot constitute consent.

Although the email was sent to Honda’s customers, Honda could not rely on the fact that the email address was acquired during a sale of goods, because the email addresses were collected by Honda’s dealers and not Honda directly.

Honda were fined £13,000 by the ICO.

The lessons to learn here are:

If an individual has previously refused or withdrawn consent to direct marketing:

If a person has previously refused their consent to receive marketing by email, no further marketing emails should be sent. This includes an email asking whether that person has changed their mind and would now like to receive marketing.

If it is unknown whether an individual consents to direct marketing:

If there is no evidence that a person has consented to receive direct marketing by email, no marketing emails should be sent. This includes an email asking whether that person does consent to such marketing.

If an individual has given their previous consent to direct marketing:

If there is already evidence that the person consents to direct marketing, it is fine to send an email to check whether that person still gives their consent (and to ensure that the consent is GDPR-compliant).

Tags: Data protection and privacy GDPR

Share article

About the author

Claire Halle-Smith

Legal Director

Claire’s experience in-house coupled with many years advising on data privacy matters enables her to identify key issues facing an organisation and to provide practical, solutions-based advice.

Claire Halle-Smith

 Claire’s experience in-house coupled with many years advising on data privacy matters enables her to identify key issues facing an organisation and to provide practical, solutions-based advice.

Recent articles

People services law banner
07 December 2023 The WHorld of Employment Law Episode 2: Christmas Parties!

Season's greetings from Wright Hassall! Welcome to a festive themed second episode of The WHorld of Employment Law with Kash Dosanjh, Associate and Sarah Price, Solicitor as they discuss Christmas parties. During the episode, Kash and Sarah discuss common issues that they have come across as a result of work parties and offer advice to employers on what they can do to mitigate this risk.

Read article
Medical negligence banner
07 December 2023 GP remote consultations prove largely effective

Fears that remote consultations with GPs could be unsafe, leading to misdiagnosis of cancers and other potentially life-threatening conditions, such as stroke and heart attack symptoms, have been largely assuaged by a recent Oxford University-led research study 'Remote by Default'. Having looked at the connection between remote consultations and safety incidents it concluded that for most patients the risks are minimal.

Read article
Real estate law banner
05 December 2023 Is ‘hope value’ a help or hindrance?

'Hope value' was originally introduced to ensure that landowners would receive existing use value (EUV) of their land, plus a premium to reflect future lost earnings. Many now argue that such payments are anachronistic and responsible for the artificial inflation of land prices, so the the Levelling Up and Regeneration Act 2023 (LURA) now gives the Secretary of State the ability to remove, or cap, hope value from CPO-related compensation payments.

Read article