"Data controllers need to stop sending us direct marketing unless we specifically request it."
And where that request has been denied, absolutely must honour that denial, not disregard it and send marketing crap anyway (I recently lodged a complaint with the ICO about HSBC for doing exactly that).