The ICO has recently imposed the maximum fine of £500,000 on a Scottish company, CRDNN Ltd for making nearly 200 million automated nuisance calls.
After receiving over 3000 complaints about CRDNN Ltd, formerly known as Contact Reach Digital Ltd, the ICO launched an investigation which resulted in a fine of £500,000 for unlawful marketing in the form of automated nuisance calls. Of those calls made, over 63.5 million connected. Some were even made to Network Fall’s Banavie Control Centre, clogging the line meant for drivers and pedestrians at unsupervised rail crossings, potentially putting lives at risk.
The investigation was launched after a raid by the ICO, of the company’s headquarters in Clydebank where computer equipment and documents were seized. The investigation revealed that over 1.6 million calls per day were being made between June 1st and October 1st of 2018. The calls were for the purpose of direct marketing and they were made from so-called ‘spoofed’ numbers. This means that people who received the calls could not identify who was making them, which is against Article 14 GDPR.
In a statement by the ICO’s head of investigations, Andy Curry, he reveals that not only were these calls unsolicited, but consumers who attempted to opt out of those calls were simply bombarded with even more as a result. Mr Curry goes on to explain that CRDNN incurred the maximum fine due to the fact that the company’s directors “knowingly operated the business with complete disregard for the law” and did all in their power to avoid detection, even going as far as transferring the operation abroad, and attempting to liquidate.
The ICO has issued an enforcement notice to the CRDNN Ltd, ordering them to comply with the privacy and electronic communications regulations laws within 35 days of their receipt of this notice. This enforcement notice, issued on February 26th 2020, states that CRDNN’s actions violated regulations 19 and 24 of PECR.
We recently reported on two fines issued by the Italian DPA (Garante) on TIM Spa ,and Eni Gas E Luce, for Euro 27.8 million and 11.5 million respectively. The ICO has now taken a stand against data mismanagement with this new fine. With officials cracking down on companies which mismanage their data, it is imperative that companies ensure that they are in line with the GDPR, PECR 2013, and the DPA 2018.