While the recent statutory instrument that amends the PECR (Privacy and Electronic Communications Regulations) appears to be aimed at the directors of organisations that brazenly flout the law in respect of direct marketing (whether by email or telephone), the reality is that all directors are potentially on the hook.
The new law says that, where the ICO (Information Commissioner’s Office) has fined an organisation for a breach of the PECR and that breach came about because of either the connivance or the negligence of the directors or senior managers, the ICO can fine those directors up to £500,000.
The challenge is not that most legitimate organisations will ‘connive’ to break the PECR. It’s much more that their negligence – in not ensuring, for instance, that there’s a genuine legitimate interest and lawful basis for marketing to a number of individuals – will get them into trouble.
Any sensible company director or marketing manager should satisfy themselves that the organisation has an appropriate privacy notice, a lawful basis for its marketing communications, and appropriate opt-out and other data subject rights provisions.
If you’re not sure, talk to your lawyers – or to one of our privacy specialists in GRCI Law.