In July 2017, Pub chain J.D. Wetherspoon deleted its entire email mailing list, saying that it will send newsletters via email anymore. Although it’s not known how many emails Wetherspoon deleted, when the firm suffered a breach of their customer database in 2015, it was reported that they had 656,723.
The news came after several companies received fines for sending marketing messages to people who didn’t explicitly consent to receive emails. Airline Flybe has also been fined £70,000 by the Information Commissioner’s Office (ICO) after sending more than 3.3 million emails under the title “Are your details correct?”
On a risk basis, it’s just not worth holding copious amounts of customer data which is bringing insufficient value. Also, over time … there’s a strong likelihood that you’ve lost track of who had given consent for contacting them again through whatever means.
Flybe, Morrisons and Honda were all found to be in breach of the Privacy & Electronic Communication Regulations (PECR). Fines for breaking this law can go up to a maximum of £500,000 – however, under the EU General Data Protection Regulation (GDPR), which comes into effect on 25 May 2018, companies can be fined up to 4 per cent of their global turnover.
On the basis that the less customer information YOU / WE / ME have, then the less risk associated with data. Simple enough. Driven by a conversation with a friend this week on the value (or not) that a very old pile of business cards has … if you don’t need them, get rid of them. Even simpler given a clean desk / clear desk policy at home and at work.