At the end of last year, regulations were amended to enable directors to be fined up to £500,000 for the unlawful use of direct marketing.
From 17th December 2018, the Privacy and Electronic (EC Directive) Regulations 2003 (PECR) were amended to enable the Information Commissioner’s Office (ICO) to fine directors of companies (or members of LLPs) up to £500,000 for breach of the PECR rules on the use of automated calling systems and unsolicited direct marketing. Directors will be liable where they have consented to or connived in the breach or it is attributable to their neglect.
The government consulted on the proposed changes in May 2018 and the majority of respondents wanted directors to be held accountable for breaches of PECR. However, there were concerns over whether the proposed measures would be effective in relation to certain activities, such as cold calling, or where numbers are untraceable.
The ICO has had the power to fine companies up to £500,000 for breach of the unsolicited direct marketing rules since April 2015. The Insolvency Service can also disqualify senior officials from being a director if they are found to be in breach of the rules. However, these measures have not been as effective as hoped, in part because companies avoid the fines by dissolving and then re-emerging under a new name. The introduction of personal liability for company officers is one of several measures designed to tackle the problem of nuisance calls. Other measures include the introduction of a statutory code on direct marketing and requiring direct marketers to provide caller line identification.
The directors of any company engaged in direct marketing (particularly email or text marketing) should now take very great care to ensure their company is following the rules relating to consent.
Further reading – What does GDPR mean for marketing?
If you would like to discuss any aspect of data protection, please contact Partner and Commercial Solicitor, Matt Worsnop, by email at email@example.com or by phone on 0116 281 6235.
Categorised in: Corporate and Commercial, Dispute Resolution, IT & Telecoms, NewsTags: Commercial Law, Company Law, Data Protection, GDPR, General Data Protection Regulation