Attention All Marketeers...
The ICO have been given an early Christmas present – come the 17th December 2018, individual directors and company officers may be held PERSONALLY liable for fines issued by the ICO. Amendments to the PECR – Privacy and Electronic Communications (EC Directive) Regulations 2003- http://www.legislation.gov.uk/uksi/2018/1189/regulation/2/made - mean that where the ICO have served a monetary penalty on the firm for a breach which was aided by the ‘consent or connivance of the officer’ or ‘neglect on the part of the officer’, the ICO can ALSO serve a monetary penalty on the officer.
Who then qualifies as officer? The amendment spells out the potentially liable individuals as ‘directors, managers, secretaries or similar officer’ of a corporate body.
Motivated by the practice of some directors to shut up shop to avoid fines and the rigour of PECR for illegal marketing activities, only to set up similar enterprises with similar practices, the empowerment of the Commissioner to target individual officers with personal liability extending up to £500,000 will bring a sharp focus on the actions of marketing companies and departments. The requirements of PECR are little-known in comparison to the GDPR, with little attention being attributed to the legislation in the furore of the build up to GDPR. Revisions of the ePrivacy regulations are awaited from Europe but this timely introduction of personal liability will put PECR firmly in the spotlight and make for very nervous marketeers!