Avoid a slice of ICO fines in your marketing campaign

Avoid a slice of ICO fines in your marketing campaign

National pizza chain Papa John’s (GB) Limited, has been fined £10,000 by the Information Commissioner’s Office (ICO) for sending unwanted marketing messages to its customers.  Whilst the fine is small, Papa John’s has found itself in the cross-hairs of a brand reputational crisis, with critical legal media and mainstream news coverage. 

All it took were 15 complaints from customers about nuisance messages for the ICO to start an investigation. 

In total, the ICO found that 168,022 unsolicited marketing messages had been received by customers over 7 months.

The investigation found that Papa John’s was relying on the ‘soft opt in’ exemption, under Privacy and Electronic Communications Regulations 2003.  This allows organisations to send electronic marketing messages to customers whose details have been obtained for similar services. But, in a warning to other brands, the ICO found that customers who had ordered a pizza over the telephone could not be considered a valid exemption.  They had not been provided with a privacy notice or the choice to opt out.

A minefield for organisations and legal teams to navigate

It can be easy to read this and relax, thinking ‘phew - I’m glad that is not me or my company’.  For many organisations, particularly those trading on brand prestige, the reputational risk posed by an ICO reprimand is significant and far outweighs the fine. 

In the case of Papa John’s, its marketing activities fell foul of an incorrect interpretation of the Privacy and Electronic Communications Regulations 2003 (PECR). There are many different pieces of legislation that legal teams must take into account when processing personal data in the course of marketing. The Data Protection Act 2018 (DPA) and the UK General Data Protection Regulation (UK GDPR) broadly cover the obligations companies have in relation to personal data of customers, staff and other third parties.

In addition to the PECR, DPA and UK GDPR, there are various other laws which regulate marketing activities, such as the Consumer Protection from Unfair Trading Regulations 2008 and the Business Protection from Misleading Marketing Regulations 2008. Furthermore, there are several advertising codes of practice which must be adhered to, depending on the medium.

Knowing where to look, working out what applies and understanding what the legislation means is no easy matter.

How LexisNexis helps you reduce the legal risk of marketing campaigns

LexisPSL can help legal departments to stay on top of all the latest regulatory changes relating to marketing in one place, so that they can ensure their organisation doesn't fall foul of the rules. As well as reducing the risk of fines being imposed by the ICO, this can also help to ensure that reputational damage is avoided.

Back to Papa John’s.  With a subscription to LexisPSL the in-house team would have had access to our practice note on processing personal data for purposes of director marketing activities. This covers the PECR and UK GDPR, including rules for electronic marketing and postal or other non-electronic marketing. They would have been able to delve into the vast database of legal intelligence quickly spotting and understanding the latest developments in the realm of marketing regulations, including a useful direct marketing decision tree.

Ignorance is no defence. Why not see what LexisNexis can do to help minimise your legal risk?




Latest Articles:
About the author:
Alex Heshmaty is a legal copywriter and journalist with a particular interest in legal technology. He runs Legal Words, a legal copywriting and marketing agency.