Book a call
By LegalEdge News

Don’t risk a fine with B2C marketing 


HelloFresh, the food box delivery company, was recently fined £140,000 by the Information Commissioner’s Office (ICO)for sending out 79 million emails and one million texts over seven months. 

Following complaints from the public, a 2022 investigation by the ICO found that customers: 

  • weren’t told clearly that their data would be used for marketing for up to 24 months after cancelling their subscriptions; 
  • weren’t told exactly what they were opting in to (they were hit with a barrage of marketing texts they didn’t want or expect); and 
  • it wasn’t clear how to opt out.  

In some cases, even when customers told HelloFresh to stop, the deluge of marketing texts continued. 

The ICO said that, not only was HelloFresh in breach of trust, but that it was also a breach of the Privacy and Electronic Communications Regulations 2003. 

A tough market is no excuse 

The recipe box market is highly competitive, so it is maybe understandable that HelloFresh felt they had to market themselves very actively. However, it is a useful reminder that you still need to comply with the data protection safeguards which are in place to protect consumers. And that if not, the financial penalties can be high, as well as the damage to reputation – in this case there is such a thing as bad publicity.

What does proper consent look like? 

B2C businesses must seek proper consent from those to whom they want to send marketing messages.  And the request for consent must be ‘specific’ and ‘informed’. This means it should set out clearly how messages will be sent e.g. texts and/or emails, and how long the marketing will go on for.  And it requires affirmative action – e.g. ticking a box (not pre-ticked or an opt-out). And it can’t be bundled with other consents or be a pre-condition of providing products/services. There also needs to be an effective process for actioning opt-out requests in a timely manner.  

The ICO now has significant powers to investigate and issue fines for non-compliance and, it seems, will not hesitate to use them. 

How can we help?   

We can help you navigate data protection compliance, ensuring marketing campaigns don’t fall foul of the law. This includes:

Data Flow Mapping Made Simple

Wondering if your personal data management is as up-to-date as it should be? We’re here to help you develop a Record of Processing Activities (ROPA) that serves as the backbone of your data protection strategy. This isn’t just about ticking boxes for compliance; it’s about enhancing operational efficiency and reducing risk. And the best part? It’s an affordable way to protect your business and gain peace of mind.

Refreshing Your Data Protection Policies  

If your data protection policies feel outdated or vague, we can bring them up to date. Regularly reviewing your policies isn’t just a legal requirement; it’s an opportunity to build trust with your customers and streamline your internal processes. Investing in clear, updated policies is cost-effective and can significantly reduce the risk of data breaches and non-compliance penalties.

Closing the Compliance Gap  

Identifying gaps in your data protection efforts can be daunting. We can help you make this challenge into an achievable task. By partnering with us, we’ll work together with you and agree a budget to help you bridge any compliance gaps efficiently and affordably. Our focus is not just on meeting the minimum legal requirements but on fortifying your business against future threats and uncertainties in the evolving data protection landscape.

To talk to us about how we can help with any of the above get in touch on info@legaledge.co.uk. Also see our latest blog on dealing with DSARs here.

Back To Blog Our Services
  • Share:

What do our clients think?

We’ll set up a cost-effective, efficient legal function for your business. You’ll have an experienced lawyer as your single point of contact who works as part of your operations team.

No duplication and no reinventing the wheel each time. We get to know your business quickly to manage your legal matters effectively and add value. And as your flexible in-house legal function, we can be scaled up or down depending on needs.

We analyse risk and prioritise what’s important, then manage and carry out the day-to-day legal work, all to a set budget. We’ve all worked as in-house lawyers in fast growth companies, so know what you need (and don’t need) to worry about. We’ll work with you to get deals and contracts done and help achieve your business goals.

“The fact that all their lawyers have worked inside businesses means they are commercial, pragmatic and know exactly how to prioritise what’s important.”

“We’re very pleased with the work LegalEdge are doing for us. We’re getting quick and decisive responses that are really helping us move forward.”

We work with small in-house legal teams that need additional support on a flexible basis without adding to headcount.

Whether it’s overflow work, a project or just a much-needed extra pair of hands we can help. We get the job done without supervision, working seamlessly as part of your team or behind the scenes, whatever works best for you. We don’t do endless negotiations on the clock or write long legal memos. We just help prioritise, find solutions and get it done.We understand the challenges and demands of small in-house teams because we’ve been there. We work as an extension to your team, get up to speed on business priorities quickly, and help you keep control of legal workflow and budget.

“The ideal solution for the busy in-house counsel who is unable to add a permanent head as you have the ability to flex support without the need to rely on expensive law firms.”

“LegalEdge has provided excellent, commercially focused advice as part of our in-house legal team that has helped us close contracts with our customers and partners.”