Consumer body Which? launched an investigation into the use of e-receipts by high street retailers and found that some of the biggest names on the high street were including “unwanted marketing information” in their e-receipts despite this being a breach of GDPR.

Their investigation sent mystery shoppers into retail stores including Nike, Halfords, Mothercare, Currys PC World, Topshop, New Look, and Gap.

Despite the mystery shoppers requesting not to receive marketing communications after handing over their email addresses for e-receipts, Mothercare, Schuh, Halfords, and Gap sent emails containing promotional material anyway.

The companies were contacted by Which? and commented that either their emails were complicit with GDPR or that they would be investigating the findings.

Under the GDPR, which came into force in May 2018, businesses are not allowed to send direct marketing communications to new customers via email unless they have consented to it beforehand.

From a retailer’s perspective, asking for a customer’s email address at point of sale in order to provide an electronic receipt does not breach GDPR. However; if any emails planned to be sent contain marketing information, the retailers must give shoppers the option to opt out before sending.

Retailers who ignore these rules can face hefty fines from the ICO. The ICO have two tiers of penalty and the maximum fine can be as high as 20 million euros or 4% of a company’s turnover for a failure to comply with data protection principles, breaching any rights an individual may have under part 3 of the Act or for the transferring data to third parties/countries outside the EEA.

If you use e-receipts, or are considering implementing e-receipts, and would like advice on what you can and cannot send, Farleys team of GDPR specialists can help. For advice on any GDPR related query or policies, please call 0845 287 0939 or submit your enquiry through our online form and one of the team will get in touch with you.