Complaints
-
The Data (Use and Access) Act 2025 got Royal Assent on 19 June 2025. All the provisions affecting data protection law and the Privacy and Electronic Regulations Communications are now in force. The Department for Science and Innovation (DSIT) has set out the commencement plans. You can find more details on the Gov.uk website.
If someone complains about your electronic marketing (eg spam calls or texts), cookies or other privacy issues regarding electronic communications, we will record and review their concerns, and we may investigate your compliance with PECR. If we decide it is likely you have failed to comply with PECR or other data protection legislation, we may ask you to take steps to remedy this and avoid similar complaints in future. If appropriate, we may decide to take enforcement action.
We do not always investigate individual complaints. However, we do encourage individuals to report their concerns to us. Although we do not investigate every individual complaint, we use this information to monitor compliance and decide where to take enforcement action. Our enforcement action is likely to focus on organisations that generate the most complaints.
The concerns section of our website contains more information on when and how individuals can report their concerns to us.
If someone suffers damage because you breached PECR, they can also make a claim against you in court for compensation under regulation 30, without involving the ICO. A possible defence to such a claim is to prove that you took all reasonable care to comply.