Directors can now be personally liable for breaching PECR

Directors can now be personally liable for breaching PECR

As the year end approaches and we reflect back on a very hectic time prior to the introduction of the GDPR in May, we are still waiting for the final draft of the new ePrivacy Regulation which like the existing ePrivacy Directive covers:

  • Marketing telephone calls, emails, texts and faxes
  • Cookies
  • Keeping communications secure
  • Customer privacy (for example location data, itemised billing etc).

The ePrivacy Regulation sits alongside the GDPR and in the UK, the Data Protection Act, but it is not yet fully clear how this will be amended in line with the GDPR (we expect to know how it will change at some point during 2019, but if history is anything to go by, don’t hold your breath), so it as ‘as you were’ at the moment for the above activities, but be aware the new Regulation may have significant implications for those in the B2B electronic marketing arena.

It is vital that organisations must comply with both the ePrivacy legislation and the GDPR.

However, the Government has issued an Amendment to the original PECR legislation, which brought the ePrivacy Directive into UK law.  This amendment, which came into force on 17 December 2018, broadens the scope of monetary penalties that can be imposed by the Information Commissioner for breaches of the Regulation.

The difference to note is that in addition to the legal entity receiving a sanction, Directors can now be personally liable for fines arising from a serious breach, if that is, it is proven that the individual has been responsible or aware of the actions that led to the breach.  The fine could be up to half a million pounds.

The Government states on its website that:

“These amendments are intended to ensure that the penalty regime for breaches is effective, proportionate and dissuasive”. 

If you want more information regarding how to comply with PECR there is a very useful guide on the Information Commissioner’s website here, or of course, please contact us here at the Griffin House Consultancy for a user friendly, commercially astute view of how to ensure your organisation is compliant with all the relevant data protection legislation.

Contact our team of specialists today on 01673 885533.