Beware the unsolicited email.

UK ICO fines a pensions company £40,000 for sending nearly two million direct marketing emails without consent.

Points to note:

  • You can’t generally send marketing emails without receiving the consent of the recipient.
  • Even if you use a third party mailer, it is your responsibility to ensure consent has been duly

The UK Information Commissioner’s Office (ICO) has issued expanded guidance on “Personal Data” under the EU General Data Protection Regulation (GDPR).

Here are the highlights:

Pseudonymization does not change the status of the data as personal data. To truly anonymize under the GDPR, you must strip personal data such that the individual can no longer