ICO fines debt services company £300,000 for PECR violations
Published: 23/06/2026
| ICO
The Information Commissioner's Office (ICO) has issued a £300,000 monetary penalty and an enforcement notice to KRA Consultancy Ltd, ordering the company to stop sending marketing messages without consent within 30 days.
The action follows an investigation into the Manchester-based company that provides debt solutions to people who have been turned down for finance. The investigation revealed that the company sent 5,575,715 unsolicited direct marketing texts between April 2022 and May 2025, resulting in more than 60,000 complaints. The ICO found that the company had breached regulations 22 and 23 of the Privacy and Electronic Communications Regulations 2003 (PEC Regulations).
Training announcement: Freevacy provides comprehensive training for new and existing practitioners on the changes introduced by the DUA Act to the UK General Data Protection Regulation (GDPR), the Data Protection Act 2018 (DPA18), and the Privacy and Electronic Communications Regulations 2003 (PEC-Regulations). Our courses are always up to date and provide a forum for learning and discussing how to ensure your data protection processes remain compliant. Find out more.
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.
The Privacy Newsfeed monitors over 300 global publications, of which more than 3,250 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.