The Information Commissioner has imposed a £60,000 monetary penalty on Everything DM Limited (EDML) for sending 1.42 million emails without consent. This was done in contravention of the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR) which set out strict rules around direct marketing and unsolicited communications.
Does PECR apply to all businesses?
PECR will apply to you if you:
- Market by phone, email, text or fax;
- Use cookies or a similar technology on your website; or
- Compile a telephone directory (or a similar public directory).
It’s important to remember that businesses cannot usually send marketing emails unless the recipient has notified the sender that they consent to such emails being sent by, or at the instigation of, that sender.
If you want to know more about the PECR rules click here.
Update
In other news on the same topic, new Regulations took effect from 8 September 2018 which prohibits live unsolicited calls for the purposes of direct marketing relating to claims management services except where the person called has given prior consent to receiving such calls.
Note that the EU is in the process of replacing the e-privacy Directive with a new e-privacy Regulation to sit alongside the GDPR. However, the new Regulation is not yet agreed and for the moment, PECR continues to apply alongside the GDPR.
The enforcement notice can be found here.