Are you ready for PECR?

Yes, PECR. Not GDPR.

While we’re all painfully familiar with the acronym beginning with ‘G’, its ‘P’-based sibling is far from being on everyone’s lips.

If you send electronic marketing or use cookies or similar technologies, from May 25, 2018 you needed to comply with both regulations, even though you may only have heard of the one.

PECR stands for Privacy and Electronic Communications Regulations (PECR). It sits alongside the Data Protection Act and the GDPR.

PECR gives people privacy rights in relation to electronic communications. The PECR covers marketing calls, emails, texts and faxes; cookies and similar technologies; keeping communications services secure; and customer privacy as regards traffic and location data, itemised billing, line identification, and directory listings.

And action will be taken by the Information Commissioner’s Office against organisations that constantly flout their obligations.

Those who breach the rules face criminal prosecution, non-criminal enforcement and audit. You could also face a fine of up to £500,000.

PECR? GDPR? Or Both?

So in a nutshell if you send electronic marketing or use cookies or similar technologies from May 25, 2018 you must comply with both PECR and GDPR.

Some of the rules only apply to organisations that provide a public electronic communications network or service. But even if you are not a network or service provider, PECR will apply if you market by phone, email, text or fax; use cookies or a similar technology on your website; or compile a telephone directory (or a similar public directory).

Many of the steps and systems needed for GDPR will help you to meet PECR needs too. As with GDPR, you need not panic and rushing to make changes could be counter-productive, but you do need to pay attention and ensure you are meeting your obligations.