top of page

The incredible shrinking marketing person

For those old enough to remember Scott Carey, you will be au fait with The Incredible Shrinking Man.

But the incredible shrinking marketing person is no science fiction. I have seen marketing folk shrink from a mixture of awkwardness and embarrassment when the subject of direct marketing comes up.

Here’s how the story goes… the company is investigated by the Information Commissioner’s Office (ICO) for breach of direct marketing laws. All heads turn to the marketing person in the room, who is, for the most part, looking blank.

I’ve seen it happen many times over the years and I feel sorry for them every time. Why? Because not only is it the responsibility of the company directors, but there are very few companies, trade bodies and marketing people who are aware of or have been properly trained on direct marketing regulations - the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR), in particular.


To set the scene, I am a solicitor with many years of experience dealing with enforcement cases brought by the ICO in the UK.

Scene 1

I am usually referred to companies who have received a formal letter of investigation from the ICO. The letter sets out their concerns about possible breaches of the direct marketing laws and which of their powers they might use.

This includes large fines of up to £500,000 for the company and the same for the directors. Naturally, the directors are very, very concerned.

Scene 2

They invite me to their office to discuss the ICO’s letter and how best to proceed. A lot of their questions, of course, turn to what impact it might have on them personally. They are worried about their homes and personal assets.

The meeting is usually in their boardroom with all the directors attending and both the head of marketing (and/or compliance). I am always ushered in quietly because they don’t want the staff to find out what has happened and why I am there.

After the usual introductions and an explanation from me about the ICO’s enforcement processes, we turn to the dreaded letter, of which we all have a copy.

Scene 3

The letter of investigation is the start of the case and the ICO ask a lot of questions about what they believe has gone wrong. They ask about the alleged breaches and what the company has been doing to come to their attention. They want to know how much marketing activity has taken place, such as how many outbound calls have been made or text messages/emails sent. Where did the data come from? How was consent obtained? What contracts were in place? The list goes on.

Scene 4

As you can imagine, the atmosphere is not great and it is only a matter of time before one of the senior directors looks up from the ICO’s letter and directs his attention to the head of marketing.

So, this is a serious marketing issue?” or words to that effect are uttered. The director’s face is set in stone as he stares at their marketing expert. And so the shrinking begins!

Scene 5

The head of marketing would rather be anywhere else right now, as all attention turns on them. They have to explain to their bosses why the company and them personally may be facing eye-watering sanctions from a regulatory body as a result of their team. They are already looking smaller in their chair and very uncomfortable.

But things get worse!

Scene 6

As we are going through the letter, it becomes apparent that the company has enjoyed recent growth from its marketing efforts, with increased sales, staff numbers and profit. They’ve had happy times, with their sights set on expansion.

We then move to the rules which the ICO are alleging have been breached. The Privacy and Electronic Communications (EC Directive) Regulations 2003, known as ‘PECR’. They govern what you can and can’t do when it comes to direct marketing, such as by phone, email, text or automated calling.

If you are doing any such marketing, the ICO expect you to know and understand the rules. Failure to do so may be seen as an aggravating factor in their decision-making process and, indeed, increase the level of possible fines.

So then come the killer questions in the letter:

Please provide copies of your training documents used to inform staff about lawful contact with customers”.

That is, evidence that the company has undertaken PECR training.

Again, all eyes turn to the very uncomfortable-looking marketing person.


Their desire to hide under the board table is becoming more and more evident as they gulp and answer: “We’ve done GDPR training, but nothing specific to these rules”.

Why not?” comes the response.

They are visibly sweating now as they answer: “I’m sorry, but I’ve never heard of PECR before”. The shrinking continues.

I’m sure every time we reach this point, the air feels cooler and you can hear a pin drop. An awkward silence, which I break by moving to the next ICO question: “Please provide any policies and procedures regarding contact with customers and your responsibilities under PECR”.

Scene 7

I’m now feeling sorry for the head of marketing as they slowly shake their head to confirm they have none of them. The tension in the room and the visible anger of the directors make them look smaller by the second.

I usually try to rescue them in some way by explaining that many companies overlook PECR and that they are not alone. I always hope this helps and ends the awkward shrinking.

Scene 8

Once I have the initial responses to the questions, I am able to advise the company on the best way to respond to the ICO. They may have a full defence to the alleged breaches or it may be a case of admitting mistakes have been made and putting forward the best mitigation.

The Final Scene - The moral of the story

The lesson from this short story is, do not overlook PECR. Whilst we all seem to worry about compliance with GDPR, it is the PECR rules which cause the most fines and damage to businesses.

I’ve seen many companies suffer serious financial and reputational difficulties as a result of ICO enforcement. And lots of shrinking marketing people!

If you want to ensure your teams are compliant with PECR regulations, you can enrol them on my online training course. They can complete the course at any time, at their own pace, it’s CPD -accredited and it’s a very reasonable £75+VAT per head.

But more than that, if you are ever investigated by the ICO, you can prove that your teams are trained on PECR regulations, with no more shrinking people!


bottom of page