Well, the ICO (Information Commissioner’s Office) is markedly faster out of the blocks in terms of dealing with PECR (Privacy and Electronic Communications Regulations) breaches than in dealing with GDPR (General Data Protection Regulation) ones. Some 16 company directors have received large personal fines for illegal nuisance marketing – high volume telephone/text/email marketing to individuals who have either not legally consented to receive marketing communications or who may have specifically registered to not receive such approaches.
The amendment to the PECR was only made in December 2018, so firm regulatory action within four months is impressive. Against that measure, the relative absence of GDPR enforcement action – apart, of course, from that against organisations that haven’t paid their registration fee – is more concerning.
We see firm action elsewhere in the EU, particularly in Germany. One must assume that the ICO is working on a large number of enforcement actions and that we’ll begin to see genuine action soon!
