Grove, a Kent pensions company, which relied on ‘misleading’ professional advice has been fined £40,000 by the Information Commissioner’s Office for being responsible for sending nearly two million direct marketing emails without consent. Grove utilised the servie of a third party marketing agent to carry out a range of marketing functions on their behalf, including lead generation.
Grove, by extension through this marketing agent, would work with “email providers”, who essentially provided a hosted marketing service by sending out “pre-approved emails” to opted-in subscribers contained within data sets which they themselves supplied.
Mitigating factors (that helped reduce the penalty):
1) “extensive consultation” with a recognized specialist data protection consultancy (even though this advise was obviously not quite right) as demonstrated awareness of obligations and a generally positive and http://pro.active approach to data protection
2) Number of complaints received was minimal.
3) No evidence that activity continued beyond period set out within the Notice
4) Cooperation with ICO investigation
https://ico.org.uk/media/action-weve-taken/mpns/2614585/grove-pensions-mpn-20190326.pdf