CPS Advisory fined for unauthorized cold calls
CPS Advisory faces ICO fine for making more than 100,000 unauthorized pension-related direct marketing calls.
As technological advances, globalization—and now worldwide health & safety threats (such as COVID-19)—continue to catapult our world further into the remote sphere, more and more businesses are turning to cold calling and other such distanced customer engagement methods to keep their businesses alive. Yet if companies are not diligent, what may seem a prudent, practical, inevitable business development solution—especially in these unprecedented 2020 times—could plunge them into some serious hot water. This is the case for Swansea, UK based company CPS Advisory (CPSAL).
According to the ICO, an investigation into CPS Advisory’s operations revealed that during the period January 11 2019 to April 30 2019, the company made 106,987 unsolicited direct marketing calls related to occupational pension and/or personal pension schemes contrary to regulation 21B of PECR.
The ICO article summarizes that “under the new law, companies can only make live calls to people about their occupational or personal pensions if:
- the caller is authorised by the Financial Conduct Authority (FCA), or is the trustee or manager of an occupational or personal pension scheme;
- the recipient of the call consents to calls, or has an existing relationship with the caller and the relationship is such that the recipient might reasonably envisage receiving unsolicited calls for the purpose of direct marketing in relation to occupational pension schemes or personal pension schemes; and
- the recipient of the call has been given a simple means of refusing (free of charge except for the costs of the transmission of the refusal) the use of the recipient’s contact details for the purpose of such direct marketing, at the time that the details were initially collected and, where the recipient did not initially refuse the use of the details, at the time of each subsequent communication.
As a result of this breach, the ICO Monetary Penalty Notice notes that the Information Commissioner decided to issue CPSAL with a monetary penalty under section 55A of the Data Protection Act 1998 (DPA).
PECR & GDPR – how do they fit
According to the ICO, “the GDPR does not replace PECR, although it changes the underlying definition of consent. Existing PECR rules continue to apply, but use the new GDPR Standard of consent.
Does PECR apply to you & your company?
The ICO offers that although some of the rules apply only to organisations that provide a public electronic communications network or service, PECR will apply to you if you:
- market by phone, email, text or fax;
- compile a telephone directory (or a similar public directory)
Does your company have all of the mandated safeguards in place to ensure compliance with the GDPR and Data Protection Act 2018? Aphaia provides both GDPR and Data Protection Act 2018 consultancy services, including data protection impact assessments, and Data Protection Officer outsourcing. We can help your company get on track towards full compliance. Contact us today.
- Dutch DPA imposes fine for delayed report of a data breach - April 16, 2021
- Facebook data leak affects over half a billion users worldwide - April 14, 2021
- Digital Green Certificates: the EDPB and EDPS release a joint opinion - April 9, 2021