New legislation: ICO is able to fine individual company directors when the PECR (direct marketing) is infringed

As of 17 December 2018, new UK legislation will come into force that concerns marketing activities.

As of this date, the ICO (the UK data protection authority) is able to fine organizations and its individual company directors for breaches of the Privacy and Electronic Communications Regulations (PECR). The fine amounts maximum £500,000. The PECR sets out the legal parameters for electronic direct marketing in the UK.

Due to this amendment of the PECR, the ICO is now able to fine the company, its directors, or both. The change would also allow the ICO to hold individual directors to account where the company fails to pay the fine; and where the individual is no longer in a senior position, for example through resignation.

As company directors is understood: a director, manager, secretary or other similar officer of the body or any person purporting to act in such capacity. Therefore all management and persons that are able to influence acts – or not acting where it was supposed – regarding direct marketing, have to be informed of this new legislation. The ICO competence to fine is broadened in order to create more awareness about unrequested direct marketing such as nuisance calls. PECR applies to email marketing, live calls, automated calls, text messages and faxes.

Looking at the fines that ICO has rendered this year, it is clear that ICO focuses on high impact data breaches, political impact and unrequested marketing. Therefore it is not unthinkable that a fine will be levied upon the directors of a company any time soon.

If you have any questions regarding this new legislation, please contact our privacy team.