And if you read the actual judgement...
... it's all very disturbing. The "not deliberate" is as in the company did not deliberately set out with the express purpose of breaching the DPA. The ICO found that they were negligent in that particular sense but the sale was deliberate and they knew they were selling to spammers.
So... not idiots, just scum.