Royal Mail Group Limited – €23,400 Fine (United Kingdom, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Royal Mail was fined EUR 23,400 by the UK's Information Commissioner's Office for accidentally sending marketing emails to over 215,000 people who had opted out. The mistake happened due to a technical error in their email system. This case underscores the importance of maintaining accurate marketing consent records.
What happened
Royal Mail mistakenly sent marketing emails to 215,202 individuals who had opted out, due to a technical error.
Who was affected
Individuals who had opted out of receiving marketing emails from Royal Mail but received them due to a system error.
What the authority found
The ICO found that Royal Mail's technical error led to a breach of GDPR rules regarding consent for marketing communications.
Why this matters
This fine serves as a reminder to businesses to ensure their marketing systems accurately respect user consent preferences. Companies should regularly audit their systems to prevent similar errors and maintain trust with their customers.
GDPR Articles Cited
National Law Articles
Royal Mail is the British postal service and is the data controller. On 29 April 2021, Royal Mail submitted a written breach report to the UK DPA (ICO) that due to a technical error, its marketing actions might have sent emails to “215,202 parties who had expressed a desire to no longer receive marketing from [Royal Mail]”. Royal Mail explained that it had a list of 245,850 potential recipients, out of which “30,648 had provided valid and existing consent to receive the direct marketing messages, with 215,202 being deemed to have opted out.” On 20 April 2021, at the time of transmission of the marketing email, Royal Mail had sent the email to 30,648 persons while putting 215,202 in a holding step of the campaign. However, on 27 April 2021, “due to an internal routing error, the 215,202 individuals who had been moved to the “holding step” were accidentally sent a “reminder email” which had been intended only for the 30,648 individuals who had been sent, but had not opened or engaged with, the initial email on 20 April 2021.” The ICO opened an investigation and sought details about the volume of messages and an explanation of the routing error. Before the ICO, Royal Mail submitted the following: It uses an automated system called Eloqua to send marketing emails. Royal Mail maintains a single master database of all individuals, i.e. those who have provided their consent to receive marketing emails and also those who have not consented to receive marketing emails. The single database is maintained to keep it updated as per the latest status of consent. In a campaign, marketing emails are sent by Eloqua to those who have provided their consent. Individuals who have not given their consent are put at the end of the campaign, and the stage of sending them emails is bypassed. A reminder email is sent to persons who have given their consent but have not interacted with the original email. In the present instance, 215,202 customers who were sent the reminder marketin
Related Enforcement Actions (0)
No other enforcement actions found for Royal Mail Group Limited in UK
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
7 March 2022
Authority
Information Commissioner's Office
Fine Amount
€23,400
20,000 GBP
GDPRhub ID
gdprhub-4751About this data
Cite as: Cookie Fines. Royal Mail Group Limited - United Kingdom (2022). Retrieved from cookiefines.eu
Last updated: