NEW penalties for unsolicited marketing
The General Data Protection Regulations (GDPR) made the headlines early in the year. In contrast, new data protection regulations that will come into force on 17th December this year have largely gone unnoticed. The new regulations could however result in substantial penalties not only for companies that break the regulations but also their directors. How has this arisen?
What is PECR and how does it differ to GDPR?
The Privacy and Electronic Regulations (PECR) have been in force since 2003. In broad terms, PECR prohibits:
- Unsolicited marketing emails
- Unsolicited faxes or texts
- Automated telephone calls unless the recipient has given consent
- Any marketing telephone calls where the recipient has said that they do not consent to the call e.g. by subscribing to the Telephone Preference Service.
Since 25th May, the standard of consent has been set by GDPR. The failure to opt out of receiving material is no longer consent: there must be an active opt in.
The new PECR regulation
Under the current regulations a company in breach of PECR is liable to prosecution and a monetary penalty of up to £500,000. In practice unscrupulous operators simply ignored PECR and, when the company received a fine, liquidated the company and set up a new one.
The new regulations will close this loophole in the law. From 17th December, in addition to the company, its officers will be personally liable for unsolicited direct marketing in breach of PECR. Officers will be liable if they have consented to or connived in a breach of PECR or if the breach is attributable to their neglect. The potential liability is a monetary penalty of up to £500,000.
Who is liable for breaching PECR?
And who are the officers? The new regulations apply not only to the directors but also to the company secretary, managers or anyone acting in a similar role, including the shareholders if, in reality, the affairs of the company have been managed by its members.
It is more than ever essential that all companies are aware of PECR and how it affects their marketing because it is likely that marketing and compliance with the PECR regulations will come under greater scrutiny in the coming months.
This blog article is ascribed to Geoff Trobridge (Partner and Data Protection Practitioner) and Jade Hawksworth (Trainee Solicitor in Corporate Team). If you need to review your business’s PECR or GDPR policies, get in touch with our Data Protection & GDPR Solicitors today.