There isn't a number in the regulations
People ask me this every week: how often should we check our list against TPS? Once a quarter? Monthly? Before every campaign? The honest answer is that PECR does not name a frequency. It tells you not to call numbers registered with TPS or CTPS, and it leaves the "how" to you. That sounds like wiggle room, but in practice it is the opposite. If a complaint lands, the ICO works backwards from the call and asks whether your screening was reasonable. A quarterly batch can pass that test on a low-volume B2C list, and fail it badly on a busy outbound floor.
Here is how I think about cadence, who needs what, and the trap most teams miss.
What PECR says (and doesn't)
Regulations 21 and 21A of PECR prohibit unsolicited live marketing calls to numbers registered with the TPS or CTPS, unless the subscriber has notified you they consent to your calls. There is no schedule. No "screen every 28 days". The duty is on you to not make the call, full stop. The ICO's direct marketing guidance points you at the TPS as the practical way to meet that duty, and expects you to screen close enough to the call that the data is current.
The closer you screen to the moment of dialling, the safer you are. That is the whole logic.
The DMA list-cleaner standard: 28 days
The Data & Marketing Association sets the operational benchmark most agencies use: TPS data should be refreshed at least every 28 days. That number is not in PECR. It is the industry's answer to "reasonable". If you screen monthly against a fresh TPS file, you have a defensible position when a complaint arrives, because you can show your records were no more than 28 days stale.
DMA-licensed list cleaners (TPSClear is one) have to refresh their reference data on that cadence as a condition of the licence. So when you call our API, the file we check against is never older than 28 days. The next question is how often you push your numbers through.
The ICO bar: what a reasonable person would do
When the ICO investigates a complaint, the test isn't "did you screen?", it is "was your screening reasonable for the volume and risk of what you were doing?". A two-person consultancy making 30 calls a month to existing prospects is not held to the same standard as a 200-seat outbound centre dialling cold lists. Both are bound by the same regulation. The bar that gets applied is contextual.
Read the public enforcement notices and you see the pattern: the ICO doesn't fine companies for screening monthly instead of weekly. It fines them for not screening, for screening once and forgetting, for ignoring suppression requests, for buying lists with no provenance. See recent ICO fines and what triggered them for worked examples.
Three patterns in the wild
| Pattern | Cadence | Risk profile |
|---|---|---|
| Quarterly batch | Every 90 days | Legal but exposed. Up to 89 days of drift between checks. On a contact list of any size, several numbers will register with TPS in that window. Defensible only for very low volume, warm-only outreach. |
| 28-day refresh | Monthly batch | The DMA baseline. Industry standard. Holds up under ICO scrutiny for normal SME outbound. The minimum I would recommend to anyone making more than a handful of calls a week. |
| Real-time on phone change | Every time a number is added or edited | Strictest. The number is screened the moment it enters your CRM and re-screened when it changes. This is what TPSClear does inside HubSpot and via the API. Drift window: minutes, not weeks. See how it works. |
Recommendations by team size
Solo and micro businesses
If you are a one or two-person operation calling fewer than 50 prospects a month, monthly screening is fine. Run a batch on the first of the month, keep the timestamp in the contact record, done. The ICO is not going to call your cadence unreasonable at that volume. The risk is the admin slipping, not the cadence itself.
SMEs with active outbound
If you have a sales team making outbound calls every day, 28 days is the floor, not the target. Real-time on phone change is better and not much more expensive. Every new lead that comes in via a form, an import, or a CSV upload should hit TPS before it ever appears on a dial list. This is the gap that gets companies fined: the contact was clean when you screened the file in January, the prospect added themselves to TPS in February, you called in March. Monthly batch wouldn't catch that. Real-time would.
Call centres and high-volume outbound
Real-time. There is no defensible alternative. If you are dialling thousands of numbers a day, every number must be checked at the point of import and re-checked on a short cycle (we recommend daily on top of real-time triggers). The cost of a single ICO investigation, even one that ends without a fine, will dwarf any conceivable saving from cutting your screening frequency. See the full TPS compliance guide for what an investigation actually involves.
The hidden risk: numbers added between checks
This is the bit teams miss. TPS is not a static list. People register every day. Roughly 30 million numbers sit on the register and the volume grows steadily. Between any two checks, some of your contacts will join it. They may have been clean when you imported them, clean at your last batch, and on TPS by the time you dial.
Monthly batches catch that registration up to 28 days late. Quarterly batches catch it up to 89 days late. Real-time, triggered when a number is added or changed, catches it the next time the contact is touched. The honest answer to "how often" is therefore: as close to dial-time as your tooling allows. For us, that means re-screening on every phone-change event in the HubSpot CRM integration, plus a daily pass for safety.
One-line conclusion
Pick 28-day refresh as the floor, real-time as the target, and document whichever you choose so you can show the ICO your reasoning if they ever ask.