top of page

Personal Liability of Directors for Breaching PECR 2003

In today's digitally-driven world, privacy concerns have become paramount. As businesses increasingly rely on electronic communications, the protection of personal data is a pressing issue. In the United Kingdom, the Privacy and Electronic Communications Regulations (PECR) 2003 play a crucial role in safeguarding individuals' privacy rights in electronic communications.

However, what happens when a breach occurs, and who bears the responsibility? In this blog, we delve into the personal liability of directors for breaches of PECR 2003.

The Importance of PECR 2003

The PECR 2003 is legislation designed to protect individuals' privacy in electronic communications. It covers various aspects, including marketing communications, cookies, and security of communications. Among its key provisions are rules regarding unsolicited marketing communications, requiring consent from recipients before sending electronic marketing messages.

Directors' Duties and Responsibilities

Directors of companies have fiduciary duties and responsibilities towards their shareholders and the public. These duties encompass acting in the best interests of the company, exercising reasonable care, skill, and diligence, and ensuring compliance with relevant laws and regulations. Breaching these duties can result in serious consequences for directors, including personal liability. 


Personal Liability for Breaches of PECR 2003

While the PECR 2003 primarily imposes obligations on companies, directors can also be held personally liable for breaches under certain circumstances. The principle of directorial liability stems from their duty to ensure compliance with the law and prevent any unlawful activities within the company.

Directors can be held personally liable for breaches of PECR 2003 if it can be demonstrated that:

1.     They authorised or consented to the breach: If a director actively

authorised or consented to actions that led to the breach of PECR 2003, may be held personally liable. This might include approving marketing

strategies that involve sending unsolicited electronic communications

without proper consent.

2.     They neglected their duties: Directors have a duty to oversee the

activities of the company and ensure compliance with relevant laws. If a

breach occurs due to a director's neglect or failure to exercise reasonable

care, they may be held personally liable.

3.     They were personally involved: Directors who actively participate in the

breach of PECR 2003, such as personally sending unsolicited electronic

communications without consent, can be directly liable for their actions.

Consequences of Personal Liability

The consequences of personal liability for directors can be severe. They may face fines of up to £500,000, disqualification from serving as directors, and even criminal prosecution in cases of serious breaches. Additionally, personal liability can tarnish a director's reputation and credibility, affecting their future prospects in business.

Mitigating Risks and Ensuring Compliance

To mitigate the risks of personal liability for breaches of PECR 2003, directors should take proactive steps to ensure compliance within their organizations. This includes:

1.     Understanding the law: Directors should familiarize themselves with the

provisions of PECR 2003 and ensure that relevant personnel within the

company are also aware of their obligations.

2.     Implementing compliance measures: Establishing robust policies and

procedures for electronic communications, obtaining proper consent for

marketing activities, and regularly auditing compliance are essential steps to

prevent breaches.

3.     Training and education: Providing training to staff members on PECR

compliance and conducting regular reviews to ensure adherence to policies

can help mitigate risks.

4.    Seeking legal advice: When in doubt about the legality of certain activities,

directors should seek legal advice to ensure compliance and mitigate

potential risks.

In conclusion, directors of companies must recognise the personal liability they may face for breaches of PECR 2003. By understanding their duties, taking proactive steps to ensure compliance, and implementing effective measures, directors can protect themselves and their companies from legal repercussions while upholding individuals' privacy rights in electronic communications.



bottom of page