And it has nothing to do with money
I’ve heard many people say there is no need to worry about the ICO. Yes, they can fine you up to £4 million, but it won’t happen to you.
It’s true that most businesses are unlikely to receive a fine anywhere near this figure, or a fine at all.
So, why should you worry?
Because it’s not their financial penalties that have the greatest effect on a business, it’s the other consequences of a visit by the ICO that can sink a company!
Many people don’t realise the depth of questioning involved when the ICO starts an investigation. Questions not just on the issue raised, but questions about all aspects of your data handling activities. This can bring to light things you may not realise are a problem and can certainly cause a few sleepless nights.
Whatever the outcome, a visit from the ICO will have a toll on your business. There is the time spent finding the answers to those questions, which can involve auditing your systems and speaking with suppliers, then nervously awaiting their decision.
And even though you may not receive a fine, the reputational damage that inevitably comes from a regulator’s investigation could weigh heavy.
5 companies found this to their cost when the ICO investigated complaints about breaches of the Telephone Preference Service register. The companies had made marketing calls selling insurance for appliances, for example washing machines and boilers.
Not only did they ignore the fact that recipients had objected to receiving marketing calls, they also targeted a certain demographic, homeowners over 60 who had landlines. During the calls which were sometimes distressing to the homeowner, they used high pressure tactics to acquire payment details, providing false and misleading information about the policies.
These practices came to light because these companies ignored the law, which allowed the ICO to delve deep into their operations. The fines weren’t large by the ICO’s standards, the biggest one being £140,000, but the exposure of the people running these businesses as unscrupulous and uncaring, with the ICO commenting that 1 company broke the law on marketing to “maximise turnover and profit” will have more long-lasting consequences.
This behaviour is an extreme example of what can be revealed when the ICO become involved in investigating alleged breaches of data protection laws.
The vast majority of responsible businesses aim to operate within the law but it can be easy to miss something in your processes that inadvertently crosses the line of what is legal. And this can remain hidden for years until it comes to light as a result of a complaint about something completely different.
What you need is an expert eye that can review your marketing processes and provide valuable feedback, not just on its compliance with the law but also best practice.