The government has recently
given the ICO new powers to clampdown on nuisance calls, texts and emails. Potential fines of
£500,000 could be imposed for making calls without appropriate consent. And
this month the ICO has imposed a £60,000 fine on a relatively small direct
marketing company for a breach of e communication regulations. It’s a reminder,
if one were needed, of the urgent need for companies of all sizes to review their
processes for obtaining consent from individuals before they use their personal
data in a way that may breach data protection legislation. At Big Data Law in
London we offer tailor-made guidance on data security law – and our advice
always comes direct from a specialist solicitor.
ICO COMPAINT FIGURES SHOW MIXED
PICTURE
Figures from the ICO show an
explosion in calls to individuals about PPI, personal injury claims and other
matters. Interestingly the same set of figures show the lowest ever number of
complaints about unwanted emails. In fact, according to the ICO there were just
60 such complaints in July 2018. The ICO suggests that one reason for the large
dip in email complaints could be that companies have reacted positively to the
implementation of GDPR and introduced stricter personal data management
processes. Of course this is to be welcomed. But the recent fine by the ICO on a directmarketing company shows there is no room for
complacency when it comes to using email to market services. And post GDPR,ICO
enforcement action is likely to be more common and more severe.
EVERYTHING DIRECT MARKETING
LIMITED: THE FACTS
Steven age-based Everything DM
Limited (EDML) was fined £60,000 for sending almost 1.5 million emails without
consent. The ICO found that between 2016 and 2017 the company charged its
clients for sending the huge tranche of unsolicited marketing emails. And the
company did so without taking the necessary steps to ensure they had complied
with the Privacy and Electronic Communications Regulations (PECR).
WHAT IS PECR?
The PECR operate in parallel
with GDPR. They are rules that provide individuals with greater protection when
it comes to electronic communications. For our clients the relevant PECR
provisions relate specifically to:
·
Electronic
marketing, including calls, texts and emails and faxes. Different rules apply when marketing to individuals
and companies but usually specific consent is required – often obtained through
an opt-in box enabling an individual to confirm they agree to receive
electronic communications from you.
·
Cookies
and similar website tools. Visitors to a website must be made aware that there
are cookies on the site and what they are for. Consent to store cookies on an
individual’s device is almost always required.
PECR AND GDPR
Although the EDML fine relates
to activity that occurred before GDPR it shows the data protection implications
for companies engaged in unsolicited e marketing. While we have pointed out
that GDPR compliance is possible without getting the consent of individuals to the use of their
data, when you do need consent the way you obtain it is key. In the EDML
decision the ICO was clear:
CAN WE HELP?
At
Big Data Law we are gdpr solicitors London our team of solicitors works with companies across a range of sectors to
ensure their data management processes are effective and fully compliant with all
relevant regulations. We offer bespoke guidance on GDPR and related rules
including PECR.
EDML has not just suffered the
reputational damage of an ICO fine it must now also comply with an enforcement
notice – scrutiny that will possibly disrupt its core business. With the right
advice you can avoid this type of regulatory intervention and any negative
impact it could cause.
To
discuss how we can assist you for saving your private information, please contact data protection lawyer uk.
Call for more information
on 0203
670 5540.
No comments:
Post a Comment