icon-grid
Better Regulation logo
Table of Contents

Table of Contents

Expand all headings Collapse all headings Expand side bar Collapse side bar
Privacy and Electronic Communications (EC Directive) Regulations 2003 [SI 2003 No. 2426] (PECR)Introductory TextRegulation 1 Citation and commencementRegulation 2 InterpretationRegulation 3 Revocation of the Telecommunications (Data Protection and Privacy) Regulations 1999Regulation 4 Relationship between these Regulations and the data protection legislationRegulation 5 Security of public electronic communications servicesRegulation 5A Personal data breachRegulation 5B Personal data breach: auditRegulation 5C Personal data breach: enforcementRegulation 6 Confidentiality of communicationsDraft Regulation 6A Power to provide exceptions to regulation 6(1)Regulation 7 Restrictions on the processing of certain traffic dataRegulation 8 Further provisions relating to the processing of traffic data under regulation 7Regulation 9 Itemised billing and privacyRegulation 10 Prevention of calling line identification - outgoing callsRegulation 11 Prevention of calling or connected line identification - incoming callsRegulation 12 Publication of information for the purposes of regulations 10 and 11Regulation 13 Co-operation of communications providers for the purposes of regulations 10 and 11Regulation 14 Restrictions on the processing of location dataRegulation 15 Tracing of malicious or nuisance callsRegulation 16 Emergency callsRegulation 16A Emergency alertsRegulation 17 Termination of automatic call forwardingRegulation 18 Directories of subscribersRegulation 19 Use of automated calling systemsRegulation 20 Use of facsimile machines for direct marketing purposesRegulation 21 Calls for direct marketing purposesRegulation 21A Calls for direct marketing of claims management servicesRegulation 21B Calls for direct marketing in relation to pension schemesRegulation 22 Use of electronic mail for direct marketing purposesRegulation 23 Use of electronic mail for direct marketing purposes where the identity or address of the sender is concealedRegulation 24 Information to be provided for the purposes of regulations 19, 20 and 21 or 21ARegulation 25 Register to be kept for the purposes of regulation 20Regulation 26 Register to be kept for the purposes of regulation 21Regulation 27 Modification of contractsRegulation 28 National securityRegulation 29 Legal requirements, law enforcement etc.Regulation 29ARegulation 30 Proceedings for compensation for failure to comply with requirements of the RegulationsRegulation 31 Enforcement - extension of Part V of the Data Protection Act 1998Regulation 31A Enforcement: third party information noticesRegulation 31B Enforcement: appealsRegulation 32 Request that the Commissioner exercise his enforcement functionsDraft Regulation 32A Codes of conductDraft Regulation 32B Accreditation of bodies monitoring compliance with codes of conductDraft Regulation 32C Effect of codes of conductRegulation 33 Technical advice to the CommissionerRegulation 34 Amendment to the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000Regulation 35 Amendment to the Electronic Communications (Universal Service) Order 2003Regulation 36 Transitional provisionsRegulation 37 Review of implementationDraft Schedule A1 Storing information in the terminal equipment of a subscriber or userSchedule 1 Modifications for the purposes of these Regulations to Part V and sections 55A to 55E of the Data Protection Act 1998 and Schedules 6 and 9 to that Act as extended by Regulation 31Schedule 2 Transitional provisionsSignatureExplanatory Note
Page Overview
Related
Document Overview
Tools
Set a date to view the document
Text comparison options
Full text - Date 1 vs Date 2
Amendments requiring commencement - Current text vs Text requiring commencement
Draft proposed changes - Current text vs Text proposed by drafting documents
Coming soon: Any documents - Any document vs Another document at any date
Print / Export options
Current page
Whole document
Selected pages
Consolidated PDF of the entire document as of 4th January 2025
Export
Export line by line
Export provision to provision
Report template
Create report template
Alert me to changes
Manage alerts
Bookmarks
This page
This document
Manage bookmarks
Search within this document
View previous searches
Share
Get page link
Share via email application
PreviousNext
Version status: In force | Document consolidation status: Updated to reflect all known changes
Version date: 26 May 2011 - onwards

Regulation 5C Personal data breach: enforcement

(1) If a service provider fails to comply with the notification requirements of regulation 5A, the Information Commissioner may issue a fixed monetary penalty notice in respect of that failure.

(2) The amount of a fixed monetary penalty under this regulation shall be £1,000.

(3) Before serving such a notice, the Information Commissioner must serve the service provider with a notice of intent.

(4) The notice of intent must -

(a) state the name and address of the service provider;

(b) state the nature of the breach;

(c) indicate the amount of the fixed monetary penalty;

(d) include a statement informing the service provider of the opportunity to discharge liability for the fixed monetary penalty;

(e) indicate the date on which the Information Commissioner proposes to serve the fixed monetary penalty notice; and

(f) inform the service provider that he may make written representations in relation to the proposal to serve a fixed monetary penalty notice within the period of 21 days from the service of the notice of intent.

PreviousNext