Manchester-based Oaklands Assist UK Ltd has been fined £150,000 by the ICO for making approximately 64,000 nuisance direct marketing calls to people who had already opted out of automated marketing.
Serious Contravention of UK Law & EC Directive
The monetary penalty by the ICO was delivered under section 55A of the Data Protection Act 1998 (DPA) due to a “serious contravention” of Regulations 21 and 24 of the Private and Electronic Communications (EC Directive) Regulations 2003.
The law states that live calls must not be made to any number registered with the Telephone Preference Service (TPS) unless they have specifically consented to the call. It appears, however, that Oaklands Assist UK Ltd completely ignored this, and continued to call those who had opted out via the TPS.
It has been reported that Oaklands Assist UK Ltd was one of the most complained-about organisations in June 2017, clocking up 59 complaints. It is understood that the nature of the calls related to questions about accidents that call recipients may have had.
The complaints ranged from reports of:
- Callers being abusive when asked how they got recipients details and using profane language when hanging up.
- Callers becoming angry and aggressive when asked to remove recipients details from the call list (when the recipient was on hands-free in the car, with children present).
- Callers making repeated and often silent calls, and even call recipients complaining of stress, exhaustion, and depression as a result of receiving and trying to avoid multiple calls.
According to the ICO, Oaklands Assist UK Ltd ignored requests for information from the ICO that had been made six months earlier and only responded when threatened with criminal proceedings by the ICO. Even then, the company was reported to be “vague and obstructive” in their answers.
Tried To Escape
It has also been reported that the ICO had to intervene to prevent Oaklands Assist UK Ltd from being struck off the Companies House register, which is thought to have been a bid by the company to escape the sanction.
Moves are also now afoot by the UK government to make directors of companies personally responsible for penalties such as ICO fines to stop them from evading penalties by dissolving the offending company and simply starting up again under a different name.
What Does This Mean For Your Business?
If you’ve ever had your time wasted and/or perhaps even experienced abuse from callers asking you about the accident that you (haven’t) had, then this action by the ICO will be music to your ears. Of course, you can register with the TPS not to receive unwanted marketing calls but in this case, the company concerned simply ignored that service, and ignored any rules and regulations surrounding making outgoing marketing calls.
Unsolicited calls can be a major disruption to businesses, even if the calls are not abusive or relating to fake accidents or PPI. For example, Ofcom data shows that UK consumers received 2 billion+ calls and texts from claims firms in 2017, and Aviva data shows that this is the equivalent of 6 million calls and texts per day, (mainly aimed at people aged 65 and above). Not only does this disrupt any businesses that receive the calls, but it also makes it more difficult for direct marketers who do play by the rules, and makes consumers simply want to dismiss all marketing calls, favouring non-interruptive communications.
GDPR was introduced to give us more rights where the use of our personal data is concerned, and gives us the right to be forgotten. As consumers, this may make us feel as though it has given us more power, but for businesses it has also created a lot of work in preparation for GDPR, has required extra costs of hiring / appointing / training an in-house DP expert, as well as creating the fear of fines or other problems though not being able to fully comply with the extensive detail of the Regulation. Companies should, however, be more re-assured by recent comments from ICO Deputy Commissioner James Dipple-Johnstone who was quoted as saying that businesses that take their data protection responsibilities seriously “have nothing to fear from an ICO inspection or investigation” and that the real norm of the work of the ICO relating to GDPR is simply audits, advisory visits and guidance sessions.