Penalties for non-compliance
What are the penalties for non-compliance?
The ASA has limited sanctions, the main one being publicizing adjudications that a company breached the CAP/ BCAP code (which can lead to negative press coverage).
The majority of offences arising under the CPR's are punishable by a fine, which used to be set at a maximum of £5,000 (approx. US$6,440). However, this statutory maximum has now been disapplied so there is flexibility to impose a higher fine. For more serious cases, an (unlimited) fine or a prison term of up to 2 years or both can be imposed. For example, a fine was levied on a retailer of £300,000 (approx. US$386,400) for misleading advertising in breach of the CPRs. Sanctions are proportionate to the breach and routinely commence with requests to amend or stop non-compliant promotions. Immediate compliance often prevents more severe sanctions. In addition, the amendments made to the CPRs in 2014 provided consumers with a direct right to redress (in addition to actions that can be brought by the regulators), and this includes possible remedies such as damages.
Sanctions under GDPR for breaching data protection law can be very high indeed (fines could reach the higher of €20 million (approx. US$22.4m) or 4% the global turnover of the infringing company / its group, in the most serious cases). Criminal prosecution under and class action consumer damages claims are also possible under GDPR.