The past year has seen a continued trend of enforcement action by the Information Commissioner’s Office (ICO) for breaches of the direct marketing rules contained in the Privacy and ­Electronic Communications (EC Directive) Regulations 2003 (PECR). Whilst a number of these actions are directed at persistent unscrupulous spammers and scammers, the ICO has also fined many well-known businesses, often evidencing a strict interpretation of the rules. The ICO continues to emphasise that it expects organisations to learn from others’ mistakes when conducting marketing campaigns, and so this article discusses some key aspects of recent ICO fines and the learnings and pitfalls organisations can draw from them. Further information on the fines referred to is set out at the end of this article.