A boiler replacement company has been fined £160,000 by the ICO for calling over 850,000 people who had registered with the Telephone Preference Service (TPS) and for transparency failings.
The Privacy and Electronic Communications Regulations 2003 (PECR) require businesses to have cleaned their phone number data against the TPS before using the data for live marketing calls. The only exemption to this requirement is if the people had previously consented to marketing calls from the company.
Furthermore, the company failed to correctly identify themselves. Whilst a CLI (the number) was presented, the company did not properly identify themselves, using a different company name than their actual trading name and also using a local number even when in some circumstances they were not local to that number (e.g. they called from Glasgow, but the CLI was a Birmingham code), so the ICO found them guilty of providing vague, false and misleading information during the call.
How to make sure you comply
There is nothing new here in terms of expected compliance. If you are planning on using a database of numbers to cold call consumers or businesses you must:
- Clean the data against the TPS (you’ll need a licence to do this) or make sure you have already collected consent for the calls (calls to businesses must be screened against the CTPS (Corporate TPS), unless you can be sure the supplier of the numbers has cleaned it (you will need to be able to prove this via a contract with the data supplier)
- Provide a CLI (call line identifier) which shows the person at the other end of the call the phone number you are using
- Make sure you are clear who you are and why you’re calling
Providing cost-effective, simple to understand and practical GDPR and ePrivacy advice and guidance, via my one-stop-shop helpline. I ❤️ GDPR