Should I forward this to ICO ...

[Slarti]

... or would I be wasting my time?

I've received an email that is, to me, obviously a scam
From: GDPR Compliant <data@gdpr-databases.co.uk>

Subject: GDPR Compliant Marketing Data

The UK business data we supply is fully GDPR Compliant and therefore you don’t have to worry about obtaining direct consent from the individuals and companies contained within our data prior to contacting them. Under the ‘Legitimate Interest’ clause you are able to contact restricted types of businesses without direct consent if you have a product or service which may be of interest to them.

Our data only contains the type of businesses that you are able to contact without prior direct consent. Therefore, you can freely use our data for cold contact marketing and be rest assured that you aren’t breaking any laws.

Using data that does not only contain these restricted types of businesses is very dangerous and could result in a hefty fine.

We have a database of 548,732 GDPR Compliant UK businesses which you are able to purchase through our website.

It does have contact details and given my understanding of GDPR, selling data like this (if they have it) is far from GDPR compliant.

Should I forward it to them, or should I just delete and forget?

Slarti

[PinkDalek]

We have a database of 548,732 GDPR Compliant UK businesses which you are able to purchase through our website.

Not an answer to your question but the key phrase above is mentioned here (from late May 2018):

https://www.xms-systems.co.uk/article-2 ... shing.html

[stewamax]

The primary legislation is far less black-and-white about direct marketing than is commonly realised.
An organisation is mandated to balance its own legitimate interest in using someone’s personal information (including emailing them) with the benefit, annoyance or harm it causes the person. GDPR Article 6(1)(f) says “processing is necessary for…the purposes of the legitimate interests pursued by the [data] controller or by a third party, … …except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data…”. This loophole thus even permits some direct marketing, but this, like all electronic advertising, is also subject to the Privacy and Electronic Communications Regulations (PECR).

[Slarti]

Not an answer to your question but the key phrase above is mentioned here (from late May 2018):

https://www.xms-systems.co.uk/article-2 ... shing.html

Same email from the same people.

I think that I will forward it to the ICO, though I have my doubts if they will do anything.

Slarti

[mc2fool]

I think that I will forward it to the ICO, though I have my doubts if they will do anything.

Well, what GDPR Databases say on their website is that (apparently, according to them) "email addresses of corporate employees can be licensed for third party email campaigns", and what they are selling is such folks work email addresses.

I have no idea of the validity of that. Did you receive the email at a corporate email address?

In any case, I would encourage you to report it to the ICO and in doing so I'd point out that their website actually links to pages on the ICO website.

There's no indication that GDPR Databases is a registered company (no company number on their website and I can't find them in the Companies House website), and their address certainly looks like a residential one.

I was going to check if they themselves are registered in the Data Protection Register but it seems the ICO are "currently updating" it ... maybe to be GDPR compliant?