A Dangerous Post
You never think of posts as being dangerous, unless, of course, they are either falling on you, or saying something extremely controversial that’s going to land you in trouble.
But on this occasion, I’m not talking about a block of wood or something you’d find on social media.
This time I’m talking about email post! Specifically, junk mail.
I don’t know anyone who actually likes getting junk mail, but I bet you’ve never thought about the pain that might be suffered by those sending it. Junk mail has a bad reputation, and so we probably all think about the sender in similar terms – certainly I never heard anyone saying that they aspired to being someone who sent out junk mail!
So it might amuse to you to hear that the Post Office has just been fined £20,000 by the ICO for sending out junk mail (or targeted marketing as it’s often referred to!) without permission. You may think that £20k isn’t a huge amount (although you’d have to sell a lot of first class stamps to cover it!) but considering only 3 people complained, that’s possibly the three most expensive emails they’ve ever sent.
What I find interesting about it, and other fines I’ve read about, is that there is a definite trend at the ICO to fine large companies heavily, but to be more supportive of smaller businesses. I know from the talks and advice I gave when GDPR was first rolled out, it was the smaller businesses who were most panicked about what it all meant for them and how they were to comply. My view was always that this should be seen by such companies as more of a “risk assessment” situation. Make sure you have a sound, well thought out GDPR policy. Make sure everyone is trained on it and make sure you stick to it. Even if the ICO do decide that you have handled something in a way that they don’t agree with, if they can see that you did more than pay lip service to your obligations, they are less likely to fine you, but will be more likely to simply give you guidance as to how to get it right next time. So far, that view has been borne out by experience.
Hopefully by now you are all comfortable with what you should (and should not) be doing on GDPR but if you do still have any issues or concerns, I’ll be propping up a post somewhere (near a bar probably) and happy to answer any questions you may have.
Kleyman & Co Solicitors. The full service law firm. Posting answers to your questions.