Sout Wales Firm Fined for GDPR non compliance
06Jul, 2018

A South Wales firm has been fined £60,000 by the Information Commissioner for allowing its lines to be used to send spam texts to more than 270,000 people, without their consent.

A total of 274,423 unsolicited text messages promoting pay day loans were sent between November 2016 and January 2017 via SIM cards registered to STS Commercial Limited of Bridgend, which was against the law. The company, which is registered as an IT service provider, had previously been linked to another investigation by the ICO into other similar practices.

The activity came to light when the ICO met with network providers, one of which had identified unsolicited marketing activity in the Bridgend area.

In responding to a notice from the ICO, the network later reported receiving 268 complaints through its spam reporting system during this period.

The Commissioner’s investigation revealed that STS relied on the consent of a third party but did not carry out sufficient due diligence checks to ensure that the data complied with the Privacy and Electronic Communications Regulations (PECR). Neither the third party nor STS could provide evidence to support this.

ICO Head of Enforcement, Steve Eckersley, said:

“Companies that send spam texts to people without their consent are flouting the law and I hope today’s fine acts as a stark warning. Having previously been given the opportunity to clean up its act, STS continued to engage in this activity and have now been penalised.”

During the Commissioner’s previous investigation, STS and its directors were reminded of their obligations under PECR, provided with a link to the Commissioner’s Direct Marketing Guidance, and informed of the Commissioner’s powers.