£60,000 ICO FINE: HAVE YOU REVIEWED CONSENT MECHANISMS?

1. £60,000 ICO FINE: HAVE YOU REVIEWED CONSENT MECHANISMS? The government has recently given the ICO new powers to clampdown on nuisance calls, texts and emails. Potential fines of £500,000 could be imposed for making calls without appropriate consent. And this month the ICO has imposed a £60,000 fine on a relatively small direct marketing company for a breach of e communication regulations. It’s a reminder, if one

2. were needed, of the urgent need for companies of all sizes to review their processes for obtaining consent from individuals before they use their personal data in a way that may breach data protection legislation. At Big Data Law in London we offer tailor-made guidance on data security law – and our advice always comes direct from a specialist solicitor. ICO COMPAINT FIGURES SHOW MIXED PICTURE Figures from the ICO show an explosion in calls to individuals about PPI, personal injury claims and other matters. Interestingly the same set of figures show the lowest ever number of complaints about unwanted emails. In fact, according to the ICO there were just 60 such complaints in July 2018. The ICO suggests that one reason for the large dip in email complaints could be that companies have reacted positively to the implementation of GDPR and introduced stricter personal data management processes. Of course this is to be welcomed. But the recent fine by the ICO on a direct marketing company shows there is no room for complacency when it comes to using email to market services. And post GDPR,ICO enforcement action is likely to be more common and more severe. EVERYTHING DIRECT MARKETING LIMITED: THE FACTS Steven age-based Everything DM Limited (EDML) was fined £60,000 for sending almost 1.5 million emails without consent. The ICO found that between 2016 and 2017 the company charged its clients for sending the huge tranche of unsolicited marketing emails. And the company did so without taking the necessary steps to ensure they had complied with the Privacy and Electronic Communications Regulations (PECR). WHAT IS PECR? The PECR operate in parallel with GDPR. They are rules that provide individuals with greater protection when it comes to electronic communications. For our clients the relevant PECR provisions relate specifically to: Electronic marketing, including calls, texts and emails and faxes. Different rules apply when marketing to individuals and companies but usually specific consent is required – often obtained through an opt-in box enabling an individual to confirm they agree to receive electronic communications from you.

3. Cookies and similar website tools. Visitors to a website must be made aware that there are cookies on the site and what they are for. Consent to store cookies on an individual’s device is almost always required. PECR AND GDPR Although the EDML fine relates to activity that occurred before GDPR it shows the data protection implications for companies engaged in unsolicited e marketing. While we have pointed out that GDPR compliance is possible without getting the consent of individuals to the use of their data, when you do need consent the way you obtain it is key. In the EDML decision the ICO was clear: CAN WE HELP? At Big Data Law we are gdpr solicitors London our team of solicitors works with companies across a range of sectors to ensure their data management processes are effective and fully compliant with all relevant regulations. We offer bespoke guidance on GDPR and related rules including PECR. EDML has not just suffered the reputational damage of an ICO fine it must now also comply with an enforcement notice – scrutiny that will possibly disrupt its core business. With the right advice you can avoid this type of regulatory intervention and any negative impact it could cause. To discuss how we can assist you for saving your private information, please contact data protection lawyer uk. Call for more information on 0203 670 5540. Reach us @ https://www.nathsolicitors.co.uk/