What is PECR? Do you need to comply with it?

Electronic communication is a powerful tool. It can help us keep in touch with friends and family, stay informed about the world around us, and even get our jobs done. But it can also be an information security risk.

In the UK, electronic communication is governed by a law known as the Privacy and Electronic Communications Regulations (PECR). The regulation aligns with the EU Privacy Directive and the UK GDPR to establish privacy rights for electronic communications.

Here's all you need to know about PECR, including what it covers, to whom the regulation applies and how it can benefit your organisation.

In this blog post, we'll cover:

  • What is PECR?
  • What does the PECR cover?
  • Who does the PECR apply to?
  • What is the relationship between the PECR and the UK GDPR?
  • Why is it important to comply with the PECR?

What is PECR?

PECR is a set of EU laws that regulate how electronic communications services work with each other, as well as how they interact with the public.

The goal of PECR is to provide consumers with an equal level of protection when using these services. For example, it prevents companies from collecting data about their users without consent and mandates that users be notified whenever their data has been exposed to a third party.

The PECR governs how companies must handle data when they use electronic communications to interact with consumers. The act provides all kinds of protections for individuals who are using these services, including:

  • How much information can be collected
  • Who gets access to it
  • Where it can be stored (in a physical location vs. digital)

PECR has undergone a number of changes. The most recent changes were implemented in 2018 when it was decided to ban cold-calling for management services and introduce director accountability for major communication rule violations. The regulations were changed in 2019 to include the UK GDPR definition of consent and to ban specific instances of cold-calling for pension plans.

What does the PECR cover?

PECR covers all forms of electronic communications, including email, text messages, and conference calls. It also covers the collection of personal data in an electronic form by an entity other than a public authority or law enforcement agency that uses these forms of communication for marketing purposes.

It also covers taking care over the following:

  • Data quality, including the accuracy of personal data.
  • Access to and correction of personal data.
  • The time period that information remains available.
  • Security measures for electronic communications services.
  • Preventing access to personal data from third parties.

Who does the PECR apply to?

You might be wondering whether the UK's privacy law actually applies to you if you run a non-UK or non-EU business there. The PECR is applicable to non-UK and non-EU businesses if they are conducting business in the UK.  

You must abide by the PECR and the UK GDPR if you sell goods and services or advertise to UK residents. The regulation requires companies that provide electronic services, such as e-mail, internet browsing, online gaming, and social media platforms, to comply with privacy regulations.

This includes both individuals who use these services and businesses and organisations that offer them.

What is the relationship between the PECR and the UK GDPR?

The UK GDPR is a regulation that came into effect on May 25, 2018. It is a law that requires all organisations processing the personal data of EU and UK citizens to follow strict rules for handling that data and for protecting the privacy of users.

The PECR is a set of regulations that were established to protect the privacy of UK citizens. The PECR regulations are similar to UK GDPR in many ways, but they differ in some key details.

The UK GDPR and PECR share many similarities. Both laws were enacted to ensure that people's personal information is not shared with third parties without their express consent. Although the two laws differ in some ways, they have many commonalities that make them valuable tools for businesses and individuals alike.

Both laws also stipulate that organisations must obtain consent from customers before collecting or using personal information for marketing purposes. However, this requirement differs slightly from one law to another. Under PECR, organisations can only require opt-in for certain types of marketing communications. Under the UK GDPR, opt-in is required for almost any type of communication unless the consumer has explicitly consented otherwise.

Another major difference between PECR and UK GDPR is how each regulation approaches personal data processing. Personal data processing is defined as any operation or set of operations which permits access to personal information, whether or not by automatic means, such as through direct contact with individuals. In contrast, personal data processing under UK GDPR also includes automated processing, which requires no human intervention.

To sit alongside the EU version of the UK GDPR, the EU is in the process of replacing the present e-privacy regulation with a new e-privacy Regulation (ePR). As the UK has left the EU, the ePR will not instantly become part of UK law or coexist with UK GDPR. 

Why is it important to comply with the PECR?

Privacy and electronic communications regulation is important for organisations because it protects the rights of individuals to privacy and confidentiality, as well as their ability to communicate freely.

Organisations need to be aware of these issues, so they can take steps to ensure that the privacy and confidentiality of their customers are protected. If a company does not have adequate safeguards in place, then its customers may feel that they do not have any control over how their information is used by other parties.

Additionally, if an organisation does not respect the privacy of its customers, this might lead to a negative public perception of the company's trustworthiness or reputation.

If an organisation is found not to be complying with the PECR, it can face fines of up to £500,000.

Need help with data privacy compliance?

PECR makes sure customer privacy in electronic communications is protected, keeping personal data secure and shielding organisations from misuse by others. Complying with PECR means organisations can manage customer data more wisely, enhancing how it's kept and shared.

DataGuard can help you achieve data privacy compliance. Schedule a call with our data privacy experts, and we'll guide you through it.

About the author

DataGuard Privacy Experts

Dive into the world of data protection, compliance, ethics, and data security with hands-on advice and actionable opinions from our certified Data Protection Officers and Privacy Consultants from Germany, the UK, and Austria. Coming from a wide range of backgrounds like business, legal, tech, or marketing, our specialists share the latest news and solutions to current challenges, as well as their takes on recent judgements and legal decisions with you. Their aim? Enable you to make the right decisions and keep your business safe, build trust, and grow revenue while remaining compliant with current privacy laws. What makes our specialists qualified? These are some of the certifications of our privacy experts: Certified Information Privacy Professional/Europe (IAPP), Certified Information Privacy Manager (IAPP) Information Security, Certified Information Privacy Technologist (IAPP), Certified Practitioner in Data Protection (BCS), Certified Data Protection Officer (TÜV), Fellow of Information Privacy (IAPP), Certified EU General Data Protection Regulation Practitioner (IBITGQ), Data Protection Officer & Europrivacy Auditor, Practitioner Certificate in Data Protection, PC.dp. (GDPR)
