Unsolicited direct marketing calls and messages are one of the main sources of complaint to the ICO and as a result are one of the most heavily enforced areas of data protection legislation. Understanding the likely triggers for such enforcement actions and the aggravating or mitigating steps taken by organisations can help inform your marketing strategies.
The current maximum fine for breaches of PECR is £500,000 which is a hold over from the old maximum amounts contained within the Data Protection Act 1998. When the DPA 2018 was introduced, the maximum penalties for infringements under that Act were increased in line with the requirements of GDPR (now UK GDPR) and are now £17,500,000 or 4% of the undertakings total annual worldwide turnover whichever is higher but penalties under PECR remained aligned with the old law. The DPDI Bill proposed to increase the maximum PECR fines to align with those for breaches of UK GDPR. This would have meant a maximum penalty of £17,500,000 or 4% of the undertaking's total annual worldwide turnover, whichever is higher. With the Bill not passing before the UK General Election, the proposed changes to PECR fines will not now be implemented in the immediate future. However, the ICO continues to actively enforce PECR, with numerous fines issued in recent months. While the proposed increase in fines has not materialised, the ICO may still impose significant penalties within the current £500,000 limit, especially for deliberate or serious breaches.
View ICO Enforcement Updates (PECR) - March & April 2024
View ICO Enforcement Updates (PECR) - January 2024
View ICO Enforcement Updates (PECR) - December 2023
VIEW ICO ENFORCEMENT UPDATES (PECR) – October 2023
View ICO Enforcement Updates (PECR) – September 2023
View ICO Enforcement Updates (PECR) – August 2023
View ICO Enforcement Updates (PECR) – July 2023
View ICO Enforcement Updates (PECR) – June 2023