BY Stephen Cavey | 22 June 2022
With an increasingly global economy and progressive regulatory landscape, organizations doing transatlantic business are susceptible to not only the General Data Protection Regulation (GDPR) but the Privacy and Electronic Communications Regulations (PECR) as well. The digitalization of business processes and operations will proceed but with an even greater focus on privacy. And to that point, these data privacy laws are being introduced and enforced at an impressive rate, all the while being subject to change. Businesses need to understand the outlined expectations of these regulations to avoid penalties, mitigate risk and build customer confidence.
The PECR is another UK data privacy law corresponding to the GDPR and the Data Protection Act (DPA), enforcing rules tailored explicitly to electronic communications. These rules and regulations apply to businesses targeting customers with marketing, advertising, products, or services. It is worth noting that over the last 11 years, the marketing technology landscape has experienced explosive growth, with an increase of 6,521%. So, suppose you are a business sending electronic marketing messages, using cookies (for now) or providing electronic communications services to the public. In that case, you are required to comply with both the GDPR and PECR.
Like other privacy laws and regulations, the PECR has been amended — six times to date — since implementation of the rules in 2003, with the last amendment taking effect in 2018. It has never been more important to stay current with the GDPR, PECR, and DPA to better conduct business operations and effectively navigate the regulatory landscape.
While the PECR is not new, it is crucial for businesses wishing to send electronic marketing messages to understand which aspects of the communications sector the rules cover. At Ground Labs, our understanding is that the PECR protects various channels of the digital communication landscape including electronic marketing, cookies or similar technologies used to track personal information and telecommunications or other communication networks that utilize location data.
The latest update to PECR, shared in December 2021, outlined specifics for making marketing calls to individuals, including the following:
When comparing the GDPR and PECR, the standard for consent as outlined by the GDPR also applies to the PECR and is used more frequently. Consent must be “given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement.” If you are sending electronic marketing messages or using cookies or similar technologies, it is your obligation to uphold the law and comply with both PECR and the GDPR. Lastly, the PECR applies even if you are not collecting personal data.
Violating the PECR can result in warnings, reprimands and fines, which are issued by the Information Commissioner’s Office (ICO). Likewise, breaching the PECR can result in a criminal offense and the maximum fine is £500,000, slightly less than the maximum fine for the GDPR.
One method to ensure your business is well-informed in PECR is to invest in sensitive data discovery technology. Ground Labs’ Enterprise Recon enables organizations to quickly and easily discover, remediate and report on more than 300 predefined and variant personal data types across multiple systems, and makes compliance with security regulations much easier to achieve.
Want to get started on your path to PECR compliance? It has never been easier – book a demo with us today.
Share this article!
Want to keep up with all our blog posts? Subscribe to our newsletter!
As companies all around the world continue have large portions of their workforce remote, the need to keep their data safe and protected is even more critical. To help companies navigate this new reality and mitigate security risks, we are providing a 90-day complimentary version of our flagship solution—Enterprise Recon. Learn more about it here.
Please submit the form below and we’ll contact you to schedule a discovery call. Want to skip the email? Go here to schedule a meeting directly on our calendar.