Flybe must pay £70,000 in fines for breaching the Privacy and Electronic Communication Regulations.
The UK airline sent marketing emails to over 3.3 million people, despite choosing to opt out of receiving such correspondence. The company sent the emails last year, to update its records prior to the EU’s General Data Protection Regulation (GDPR), on 25 May 2018. However, while doing so, it breached existing data protection laws.
Emails breached data laws
The emails sent by the airline asked people to update their personal information and marketing preferences. However, Flybe should have got people’s consent before sending the emails, according to the Information Commissioner’s Office. Asking people whether they wish to receive marketing emails, without the right consent, constitutes marketing. And is against the law as Flybe contacted people deliberately, despite them originally opting out of emails. The marketing emails also offered people the chance to enter a prize draw.
Complying with the GDPR
Organisations processing personal data of EU citizens, must follow much more stringent data protection rules, when the GDPR comes into effect. This is particularly crucial when getting people’s consent. They will also have to pay much higher fines too for any breaches. Under the GDPR, severe breaches could see fines of up to 4% of the company’s annual worldwide revenue. Or, depending on which is more, fines of anything up to £17 million.
Business owners should take note of Flybe’s case and make sure they are adequately prepared for the new GDPR, but without breaking any laws on the way.