PECR: The 2018 Amendment and What it Means for you
How Can You Solve Your Business Law Problems Today?
Unsubscribe at any time.
|
By using our online and in person legal coaching you no longer need to fear engaging with business lawyers and law firms and running up huge legal costs.
Sign up now to find out about our events schedule and pricing. |
The ICO have announced that they’re getting new powers to fine individuals of companies, including directors, and hold them personally liable if their company is found to be engaging in unlawful marketing schemes. This development could have huge consequences, and is due to officially come into play on 17th December 2018. It is still yet to be known how often the amendment will be exercised and which companies it will be holding accountable.
What is the PECR?
PECR stands for Privacy and Electronic Communications Regulations. It sits alongside the Data Protection Act 1988 and the General Data Protection Regulation 2018, and in essence, is designed to give you specific privacy rights when it comes to electronic communications. PECR regulates the processing of personal data and the protection of privacy in electronic communications.
PECR gives people privacy rights in relation to a multitude of electronic communications that specifically relate to direct marketing including nuisance calls, cookies and directory listings. The Regulation incorporates the GDPR definition of consent, which means offering individuals real choice and control over who can contact them.
PECR not only gives rights to individuals, but it also regulates you if you are an organisation that provides a public electronic communications network or service. It applies to you if you conduct any marketing by phone, email, text or fax; use cookies or a similar technology on your website; or if you compile a telephone directory (or similar public directory).
PECR Update – 17th December 2018 Amendment
PECR gets regularly updated and as such, the most recent update on 15th November 2018 comes into force on 17th December 2018. This update would allow the ICO to not only serve a Monetary Penalty Notice of up to £500,000 on data controllers who fail to comply with PECR, but also on an “officer of the body”. This could be a director, manager, secretary or other similar officer of the body who acts in such a capacity. PECR states that it is a necessary step for the Commissioner to have served a Monetary Penalty Notice on the data controller before serving one upon the officer. This could have far reaching consequences to the tune of up to £1 million.
The personal fine upon the officer can only be served when there has been an element of collusion of the officer or where the breach is due to the negligence of the officer. This is an imposing threat, as they could be held personally liable if the company ceases to exist after service of the Notice.
Now, you might be thinking, this seems harsh for sending a few spam emails, but this action is holding accountable a number of “rogue directors” who have been responsible for nuisance direct marketing schemes. They have also been escaping penalties imposed on them in a process called “phoenixing” by liquidating their company and incorporating a new one to start again and continue the cycle. So far, the ICO have fined a company £400,000, which lead to their subsequent liquidation because they couldn’t pay up. This may sound severe, but that company made almost 100 million nuisance calls over an 18-month period.
What it means for you
The risk for companies and officers within those companies is that if the company undertakes a direct marketing scheme and cannot justify it by using one of the six lawful bases that allow for Data Processing, then it’s very possible that that company and/or the officers of that company could be landed with a huge fine. Being able to make a director personally liable for a fine to the tune of hundreds of thousands is really quite an astonishing development. It remains to be seen how the ICO will wield their new powers. For more information please contact us at jimmy@coachinglaw.com or emmanuel@coachinglaw.com.
© 2019. Coaching Law Limited. All rights reserved.
Disclaimer
This site is not providing an SRA regulated service.
By accessing, viewing and/or using this site in any way, you hereby agree that nothing on this site should in any circumstances constitute legal advice and/or manifest or create any kind of solicitor/client or other relationship in any way. The contents of the website are for educational and general information purposes only. The information and content on the website are provided with no warranty, representation and/or any other kind of assurance (express or implied) as to the accuracy, completeness and/or timeliness of any single piece of information and content and we do not accept liability for any error or omission. We shall not be held liable for any damage howsoever caused (including, but not limited to, damage for loss of profits or
loss of reputation) arising in contract, tort or otherwise from the use of or lack of use of, this site, its information and content and affiliated sites, or from any action taken in connection with using this site, its information and content and affiliated sites. Most of (if not all of) of the events, information and/or content on this site may have been changed/updated since published and it is the responsibility of users of the website to decipher whether or not this is the case.
If you have any legal issues then you should seek and obtain advice from your own legal adviser or solicitor. By accessing and/or viewing all and/or any part of this site you hereby agree to all of this disclaimer and if you do not agree with all and/or any part of this disclaimer then please do not access, read and/or view any of the information and/or content of this site.
What is the PECR?
PECR stands for Privacy and Electronic Communications Regulations. It sits alongside the Data Protection Act 1988 and the General Data Protection Regulation 2018, and in essence, is designed to give you specific privacy rights when it comes to electronic communications. PECR regulates the processing of personal data and the protection of privacy in electronic communications.
PECR gives people privacy rights in relation to a multitude of electronic communications that specifically relate to direct marketing including nuisance calls, cookies and directory listings. The Regulation incorporates the GDPR definition of consent, which means offering individuals real choice and control over who can contact them.
PECR not only gives rights to individuals, but it also regulates you if you are an organisation that provides a public electronic communications network or service. It applies to you if you conduct any marketing by phone, email, text or fax; use cookies or a similar technology on your website; or if you compile a telephone directory (or similar public directory).
PECR Update – 17th December 2018 Amendment
PECR gets regularly updated and as such, the most recent update on 15th November 2018 comes into force on 17th December 2018. This update would allow the ICO to not only serve a Monetary Penalty Notice of up to £500,000 on data controllers who fail to comply with PECR, but also on an “officer of the body”. This could be a director, manager, secretary or other similar officer of the body who acts in such a capacity. PECR states that it is a necessary step for the Commissioner to have served a Monetary Penalty Notice on the data controller before serving one upon the officer. This could have far reaching consequences to the tune of up to £1 million.
The personal fine upon the officer can only be served when there has been an element of collusion of the officer or where the breach is due to the negligence of the officer. This is an imposing threat, as they could be held personally liable if the company ceases to exist after service of the Notice.
Now, you might be thinking, this seems harsh for sending a few spam emails, but this action is holding accountable a number of “rogue directors” who have been responsible for nuisance direct marketing schemes. They have also been escaping penalties imposed on them in a process called “phoenixing” by liquidating their company and incorporating a new one to start again and continue the cycle. So far, the ICO have fined a company £400,000, which lead to their subsequent liquidation because they couldn’t pay up. This may sound severe, but that company made almost 100 million nuisance calls over an 18-month period.
What it means for you
The risk for companies and officers within those companies is that if the company undertakes a direct marketing scheme and cannot justify it by using one of the six lawful bases that allow for Data Processing, then it’s very possible that that company and/or the officers of that company could be landed with a huge fine. Being able to make a director personally liable for a fine to the tune of hundreds of thousands is really quite an astonishing development. It remains to be seen how the ICO will wield their new powers. For more information please contact us at jimmy@coachinglaw.com or emmanuel@coachinglaw.com.
© 2019. Coaching Law Limited. All rights reserved.
Disclaimer
This site is not providing an SRA regulated service.
By accessing, viewing and/or using this site in any way, you hereby agree that nothing on this site should in any circumstances constitute legal advice and/or manifest or create any kind of solicitor/client or other relationship in any way. The contents of the website are for educational and general information purposes only. The information and content on the website are provided with no warranty, representation and/or any other kind of assurance (express or implied) as to the accuracy, completeness and/or timeliness of any single piece of information and content and we do not accept liability for any error or omission. We shall not be held liable for any damage howsoever caused (including, but not limited to, damage for loss of profits or
loss of reputation) arising in contract, tort or otherwise from the use of or lack of use of, this site, its information and content and affiliated sites, or from any action taken in connection with using this site, its information and content and affiliated sites. Most of (if not all of) of the events, information and/or content on this site may have been changed/updated since published and it is the responsibility of users of the website to decipher whether or not this is the case.
If you have any legal issues then you should seek and obtain advice from your own legal adviser or solicitor. By accessing and/or viewing all and/or any part of this site you hereby agree to all of this disclaimer and if you do not agree with all and/or any part of this disclaimer then please do not access, read and/or view any of the information and/or content of this site.