PECR

Privacy and Electronic Communications Regulations

What are the PECR?

The PECR (Privacy and Electronic Communications (EC Directive) Regulations 2003) are a UK law that implements the EU’s ePrivacy Directive (Directive 2002/58/EC) and set out privacy rights relating to electronic communications.

The PECR are affected by the GDPR (General Data Protection Regulation)’s rules on consent, so organisations need to ensure they comply with both laws if they send electronic marketing messages, use cookies or provide electronic communications services to the public.

Since Brexit, there are two versions of the GDPR that UK organizations might need to comply with:

· The UK GDPR, which, with the DPA (Data Protection Act) 2018, applies to the processing of UK residents’ personal data; and
· The EU GDPR, which continues to apply to the processing of EU residents’ personal data.

What are the regulations of PECR?

PECR governs the access of corporate organizations based in the UK and the EU to customer information. These laws also apply to businesses that are currently functioning in the United Kingdom.
Even if a corporation is not situated in the UK or EU, it must follow the data protection regulations outlined in GDPR Article 3 when communicating with persons in the UK and EU.

What do the PECR cover?

The PECR apply to:

What are the penalties for not complying with the PECR?

The ICO has the power to take action against organizations and, as of 17 December 2018, their officers for PECR violations. Actions include criminal prosecution, non-criminal enforcement, audit, and the imposition of monetary penalties of up to £500,000.

How DPOsphere can help you comply?

Understand your level of PECR compliance with our independent PECR Audit service, which assesses:

Organization-wide awareness of the PECR;
How risks are managed and the accompanying documentation;
 Staff training
Your ISMS (information security management system), including testing and frameworks;
The security procedures in place, such as access limitation;
Handling of data subjects’ rights and privacy notices
Data transfer mechanisms and third-party processors
Your breach response processes.

Frequently Asked Questions

What is PECR?

PECR stands for the Privacy and Electronic Communications Regulations. It is a set of regulations in the United Kingdom that govern the use of electronic communications, including email, SMS, telephone, and fax marketing, as well as the use of cookies and similar technologies.

PECR compliance services typically include assessing an organization’s electronic communications practices, developing policies and procedures to align with PECR requirements, providing guidance on lawful marketing practices, implementing cookie consent mechanisms, ensuring compliance with direct marketing rules, and offering support for regulatory compliance.

Yes, organizations can outsource PECR compliance services to specialized firms or professionals. Outsourcing these services ensures that organizations can navigate the complexities of PECR and implement appropriate measures to comply with its requirements.
Using PECR compliance services offers several benefits to organizations. It helps ensure compliance with the specific rules and requirements of PECR, reducing the risk of non-compliance and associated penalties. Compliance services also assist organizations in fostering trust with users by respecting their privacy rights and providing transparency in electronic communications practices.