TL;DR: The title of the article is misleading but Flybe and Honda are still dumb.
GDPR won’t be enforceable until 25th May so I fail see how they can be fined on those grounds.
A lot of companies until now by default opt you into them storing and reusing your data or even worse just put it in their Ts&Cs. You can either opt-out or just not use that company. However, GDPR will require explicit consent by you opting-in to them storing and using your personally identifiable information.
All they’re doing now can be summarised as saying “we need your explicit consent for us to hold your data for the purposes of contacting you in the future, making your experience with us easier, improving our services and reccommending selected partners reach out to you”… but in a less concisely worded way and possibly other use cases. They’d need to separate each use of data into separate questions and provide an option to explicitly accept, otherwise it’ll be considered a decline and can even request access to the data held on them
Reaching out to contacts far in advance, allows them the reasonable time to be considered to have declined the request for that company to control and process the person’s identifiable information.
An investigation by the commissioner’s office found that Exeter-based airline Flybe had “deliberately sent more than 3.3 million emails to people who had told them they didn’t want to receive marketing emails from the firm”.
Those emails ironically were asking customers to update their marketing preferences, including whether they wanted to receive emails like the ones Flybe had just sent, and offered customers the chance to be “entered into a prize draw” for contributing.
The title of this particular story is somewhat misleading. Flybe and Honda were fined for failing to comply with the Data Protection Act 1998 whereby consumers had unsubscribed from marketing emails but the type of emails those people received can be categorised as marketing.
Unless there’s a legal reason why those people’s data need to be stored then they should be deleted before 25th May. If there is such a reason, they will need to be informed but not under the guise of a marketing competition.