23 March 2018
Marketing teams, website owners and communications businesses should be taking immediate action to comply with the new UK Privacy and Electronic Communications (EC Directive) Amendment Regulations 2011 which have come into force on the 26th May 2011.
These new UK Regulations amend the 2003 ‘e-Privacy' Regulations and set out specific data privacy rules for communications businesses collecting ‘personal' or location-based data as well as rules for all organisations using personal information for email, text, phone or fax marketing.
Key points to note are as follows:
- Mandatory Data Breach Notice for Communications Providers: Telecoms and internet service providers (ISPs) are now under a positive duty to notify the UK Information Commissioner (ICO), and in serious cases, affected subscribers/users where personal data has been lost or subscriber/user data security has been compromised;
- New Powers to Fine up to £500,000: Perhaps even more significantly, the ICO has been given new powers to penalise organisations up to £500,000 (GBP) for serious breach of the ePrivacy Regulations. This extends the powers granted last year under the Data Protection Act and in particular means that restrictions on the sending of unsolicited email, phone and text marketing to individuals needs to be given much greater scrutiny.
While telecommunications businesses and ISPs are hardest hit by the new ePrivacy Regulations, all organisations need to take note. Specifically sales and marketing teams, fundraisers and any business engaged in public communication needs to be aware that the consequences of playing fast and loose with privacy rules on email and phone marketing are now much more serious.
The new ePrivacy Regulations only apply to UK organisations although since they are based on an EU Directive, equivalent rules should be coming into force though national law in other parts of the European Union.