UK pub chain J.D. Wetherspoon has deleted it entire email marketing database stating: “Many companies use email to promote themselves, but we don’t want to take this approach, which many consider intrusive”.
In its letter to customers, the company confirmed it would now only be publicizing its news and deals through social media pages and on its website. This may seem against the trend of seeing customers’ data as a potential goldmine, especially as email marketing is seen as such a crucial promotional tool for many companies, but recent (and not-so-recent) events may help shed some light:
- In December 2015, 656,723 customers’ records on J.D. Wetherspoon’s database were hit by a cyberattack in which their email addresses, birth dates, telephone numbers, and a small number of credit and debit card details (around 100) were exposed.
- The airline Flybe was fined £70,000 in March 2017 by the Information Commissioner’s Office (ICO) after it sent more than 3.3 million emails to people who had told them they didn’t want to receive marketing emails from the firm.
- Also in March 2017, vehicle manufacturing giant Honda was fined £13,000 by the ICO after 289,790 emails were sent to people who hadn’t requested them.
- Supermarket chain Morrisons was fined £10,500 for sending more than 200,000 emails to people who had opted out of receiving them.
Compliance gone wrong
The moves from Wetherspoon and the ICO come as the country gears up for the EU’s General Data Protection Regulation (GDPR), to come into effect in the UK from 25 May 2018 (at which time the UK will still be part of the EU).
“On a risk basis, it’s just not worth holding large amounts of customer data which is bringing insufficient value,” says Jon Baines, Chair, The National Association of Data Protection and Freedom of Information Officers, adding, “This could be the case even where the organization is clear on which customers have given consent to marketing and which haven’t.”
Ironically, both Honda and Flybe sent out those emails to comply with data protection laws – asking recipients to clarify their choices for receiving marketing content. Nevertheless, Steve Eckersley, Head of Enforcement, ICO stated:
“Sending emails to determine whether people want to receive marketing without the right consent is still marketing and it is against the law.
“Businesses must understand they can’t break one law to get ready for another.”
All three firms were found to be in breach of the EU’s current Privacy & Electronic Communications Regulations (PECR), which sits alongside the UK’s Data Protection Act 1998.
When the GDPR does come into effect, companies could be fined up to 4 percent of their global turnover if they go against regulation. And yet, a recent poll by IT security company Sophos found that the UK is “far behind” its European counterparts in terms of being ready for GDPR. The poll was of 625 IT decision makers in the UK, France, Belgium and Luxembourg, wherein just 6 percent of UK respondents had prioritized GDPR in contrast with 30 percent in France, and 25 percent in Belgium and Luxembourg combined.
From the beginning, for those companies that were fined, the customer experience of those receiving unsolicited emails was tainted. To become truly customer-focused, CSPs need to better understand the customer journey. Download our Quick Insights report, Journey to the core of customer centricity, to read our investigation in more depth.