I don't think the ICO understands GDPR. I complained about Three giving my data to 'market research third parties' and the ICO say that if I'm a customer of Three, I have implicitly given my permission for Three to share my data with anyone. Whereas I contend that I only signed up (over 10 years ago) for my data to be used for the purposes of billing. I really thought the point of GDPR was to move consent from implicit to explicit.