Changeflow GovPing Data Privacy & Cybersecurity ICO fines TMAC Ltd £100,000 for PECR breaches
Urgent Enforcement Amended Final

ICO fines TMAC Ltd £100,000 for PECR breaches

Favicon for ico.org.uk ICO Enforcement
Filed February 3rd, 2026
Detected March 26th, 2026
Email

Summary

The UK's Information Commissioner's Office (ICO) has fined TMAC Ltd £100,000 for breaches of the Privacy and Electronic Communications Regulations (PECR). The company made over 260,000 unsolicited marketing calls to individuals registered on the Telephone Preference Service and failed to provide required caller information.

View original document View source feed page

What changed

The ICO has issued a £100,000 monetary penalty and an enforcement notice against TMAC Ltd for violating PECR regulations. Specifically, TMAC contravened regulations 21 and 24 by making 260,332 unsolicited direct marketing calls to numbers listed on the Telephone Preference Service between February and September 2024. Furthermore, the company failed to provide recipients with the required caller particulars as mandated by regulation 24.

This enforcement action highlights the ICO's commitment to enforcing PECR. TMAC Ltd must cease these unlawful marketing practices and ensure full compliance with all PECR requirements moving forward. Failure to comply with the enforcement notice could lead to further sanctions. The penalty underscores the importance of respecting subscriber preferences and providing clear caller identification for direct marketing activities.

What to do next

  1. Cease unsolicited marketing calls to TPS-registered numbers.
  2. Ensure all direct marketing calls provide required caller particulars.
  3. Review and update direct marketing practices to comply with PECR.

Penalties

£100,000 monetary penalty

Source document (simplified)

TMAC Ltd

  • Date 3 February 2026
  • Type Enforcement notices
  • Sector General business TMAC contravened regulations 21 and 24 of PECR and the ICO issued a monetary penalty of £100,000 and an enforcement notice.

Between 8 February 2024 and 24 September 2024, TMAC used a public telecommunications service for the purposes of making 260,332 unsolicited calls for direct marketing purposes to subscribers where the number allocated to the subscriber in respect of the called line was a number listed on the register of numbers kept by the Commissioner in accordance with regulation 26, contrary to regulation 21(1)(b) of PECR.

TMAC also failed, as required by regulation 24 of PECR, to provide the recipient of the calls with the particulars specified at regulation 24(2) of PECR.

Named provisions

Regulation 21 Regulation 24

Related changes

Favicon for ico.org.uk ICO Fines Reddit for UK GDPR Violations
Urgent Mar 19, 2026 ICO Enforcement Data Privacy & Cybersecurity
Favicon for ico.org.uk Calderdale Council Information Notice
Routine Mar 18, 2026 ICO Enforcement Data Privacy & Cybersecurity
Favicon for ico.org.uk City of London Police Reprimanded for Data Protection Failures
Priority review Mar 18, 2026 ICO Enforcement Data Privacy & Cybersecurity
Favicon for www.bailii.org Consumer Protection Judgment on Online Selling Prices
Priority review Mar 26, 2026 BAILII Europe Recent Decisions Courts & Legal
Favicon for www.gao.gov Government Strategy Needed to Counter Consumer Scams
Priority review Mar 26, 2026 GAO Reports Government & Legislation
Favicon for changeflow.com USPTO Trademark Application - NO SHADE TAN CO
Routine Mar 26, 2026 ChangeBridge: Trademarks - Medical Services (Class 044) Healthcare

Source

Favicon for ico.org.uk
ICO Enforcement ico.org.uk/action-weve-taken/enforcement
Data Privacy & Cybersecurity
Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
ICO
Filed
February 3rd, 2026
Instrument
Enforcement
Legal weight
Binding
Stage
Final
Change scope
Substantive
Document ID
ICO Enforcement

Who this affects

Applies to
Employers
Industry sector
4231 Wholesale Trade
Activity scope
Direct Marketing Calls
Geographic scope
United Kingdom GB

Taxonomy

Primary area
Consumer Protection
Operational domain
Compliance
Topics
Data Privacy Telecommunications

Browse Categories

Agriculture & Food Safety 62 AI Regulation 3 Banking & Finance 241 Consumer Protection 41 Courts & Legal 324 Data Privacy & Cybersecurity 65 Defense & National Security 49 Education 20 Energy 105 Environment 84 Government & Legislation 265 Healthcare 134 Housing 16 Immigration 9 Insurance 56 Labor & Employment 114 Legal & Courts 1 Pharma & Drug Safety 101 Securities & Markets 81 Tax 64 Tax & Revenue 1 Telecom & Technology 48 Trade & Sanctions 124 Transportation 56

Get Data Privacy & Cybersecurity alerts

Weekly digest. AI-summarized, no noise.

Free. Unsubscribe anytime.

Get alerts for this source

We'll email you when ICO Enforcement publishes new changes.

Free. Unsubscribe anytime.