The Privacy and Electronic Communications Regulations (PECR) provide protection to people receiving electronic communications from organisations. They were most recently updated in December 2018 to, amongst other things, introduce director liability for serious breaches of the rules. The fines aren’t as scary as those under the GDPR, but they’re still eye-wateringly high at £500,000.
Who do they apply to?
Any organisation that:
- markets to individuals or companies via telephone, email, text or fax;
- is a public communications or network provider; and/or
- compiles a telephone directory.
The PECR apply whether personal information is being processed or not. This means that the rules apply to B2B activity too.
What do I need to do?
You’ll need to get familiar with the PECR and then review all your electronic communications activity to ensure you’re operating compliantly. Or you can appoint an expert to help by commissioning a PECR Audit.
You’ll need to look at where training, process or system changes can help you achieve and maintain compliance.
For example, you must not make unsolicited live calls to anyone who has previously opted out of them, or make any calls to any number registered with any TPS, unless you have their specific consent.
If you make such calls, what processes do you have in place to ensure you meet these requirements? How do you check the effectiveness of these measures? The PECR also set out rules around sending emails, texts and faxes (if anyone sends those anymore!).
When the GDPR arrived, many businesses believed they needed consent for all email marketing activity, but that’s not strictly true. Please make sure you read and properly understand the Regulations before making any drastic changes in your business. The best place to start is the ICO’s Guide to the PECR.
GDPR & Consent
The PECR and GDPR are intended to work alongside each other, and the GDPR is not intended to stray into anything already covered under the PECR. Importantly, the GDPR provides an updated definition of consent. So, in all areas where the PECR require you to obtain consent, it must meet the strict requirements of lawful consent under the GDPR.
Then there are cookies to think about too. You now need to obtain GDPR levels of consent for all cookies that are not “strictly essential” – this includes Google Analytics cookies! This will be game changing for most digital businesses, and it’s not necessarily an easy business problem to solve.
Next Steps – Contact us!
If you need expert help getting compliant, our PECR audit is the right solution for you. One of our Privacy Consultants will work with your team to assess current practice, and make recommendations for compliance. We’re dedicated to finding compliance solutions that protect your business’ interests.
Protect your business. Choose Smarter Data Protection. Contact us today.