The ICO issues more Fines and Penalties under the PECR than the GDPR !

Given the frequency of PECR breaches, penalties and fines PECR training should be mandatory in every organisation.

This one-day course refreshes marketeers’ understanding of the Data Protection PECR rules and the good practice they need to adhere to when marketing, designing web sites and building mailing lists. It explains how the UK-PECR extends and builds on the UK-GDPR. It also highlights areas of divergence for those organisations that promote and market to European customers.

The PECR regulations are the lesser known, relative to the GDPR, but potentially more important, they place strict rules on all organisations that:

Market by phone, email, text or fax.
Use Cookies or similar technologies on their web sites
Compile telephone or similar public directories

It is essential that all marketing, web design, and electronic communications personnel understand them fully and why PECR compliance is so important. (NB: The ICO issue more fines breaches of the PECR than breaches of the GDPR)

For Whom?

This one-day highly participative workshop is for all those involved in IT and/or direct marketing, building web sites, communicating to others via electronic means.

PECR Training Course Content

The UK-PECR and UK-GDPR

session one explores the relationship between data protection, the GDPR and the PECR

Brief update and reminder on UK – GDPR
Key GDPR definitions relating to PECR – eg consent/processing/ 8 principles
Role of Information Commissioner on all laws including GDPR and PECR
Signposting other areas (briefly of GDPR not directly related to PECR)

An introduction to the UK- PECR

Session 2 explores areas of divergence between UK-PECR and EU-PECR before delving deeper into the UK rules and good practice

Key definitions

Different rules in PECR apply in different ways so it is important to understand the key terms used within the regulations

Electronic communications, networks and services
Providers of Services and Communications
Subscribers and Users, Corporate and Individuals

Marketing Rules

The PECR restricts unsolicited marketing by phone, fax, email, text, or other electronic message. There are different rules for different types of communication. You will often need specific consent to send unsolicited direct marketing.

Direct Marketing, B2B, B2C
Electronic Marketing
Solicited vs Unsolicited
Consent, Opt in, Opt Out
International Marketing
Bought in third party marketing services

How the Rules Manifest themselves

The PECR applies in a range of common situations often with very specific rules for each :

Email marketing rules
Telephone Marketing rules
Marketing by Faxes rules
SMS messaging and marketing rules
Viral Marketing
Behavioural Marketing
Third party lists and services
Blocking lists – TPS, FPS, CTPS

Web sites and Tracking

Cookies and active consent
Exemptions
Apps

Data Security

Obligations and appropriate measures
Notifying customers of security risks
Data breaches and ICO notifications

Data Processing

Traffic and location data
Consent
Record keeping

Service Providers

Billing
Caller line Identification
Directories

No PECR exemptions and Penalties for breaches

Be warned, for most organisations there are no exemptions to PECR and the penalties for breaches can be severe. The ICO issue more fines under PECR breaches than any other area of data protection. The only general exemptions are on the basis of national security, law enforcement and crime prevention.

Contextualising the PECR

Session 3 is a highly participative session that uses a mixture of quizzes and discussion that reinforce the learning and help participants to understand how, why and where the PECR is likely to impact on them and their organisation. This session also explores, where available, the participants’ organisation’s in house policies and procedures as well as the duties of care and vicarious liability placed on both organisations and individuals

The Employers Obligations under PECR
Employee Obligations under PECR
Typical Complaints to the ICO
Example Complaints including
Honda
Flybe
Royal Mail
Direct Choice Home Improvements

The DUAA and a Crystal Ball vision of the future?

The Data (Use and Access) Act 2025 has a phased implementation time line that impacts on all of the above. This session highlights the changes and implementation dates.

It also considers other changes and developments that may impact on data protection and privacy.

FEEDBACK – REAL COMMENTS FROM PREVIOUS DELEGATES

Please Note: We always respect client privacy and confidentiality. We do not collate any identifiable delegate information on our course feedback forms. We only publish comments where express permission for marketing and promotional use, has been given. The majority of delegates do not give this permission.

“Fantastic”
“Very Good”
“The training was informative and engaging”

MORE - Data Protection Courses

Data Protection, GDPR, PECR and DUAA Reference Guides

Data protection is the process of safeguarding important information from corruption, compromise, or loss, while ensuring personal data is handled lawfully, transparently, and securely. The legislation is complex and the protentional fines for breaches huge. our Data Protection, GDPR and PECR training courses bring you up to date with the latest developments and help you make sure you are 100% compliant. Our reference documents provide outline guidance.

Data Protection Complaints Policy Template & Guidance

All organisations are required to publish their policy and procedure for make a complaint about the organisations data protection. This free to use reference document and template is free to download and use

GDPR Necessary, Fair and Transparent Explained

Before an organisation or business processed any personal data it has to ensure there is a legal basis for processing. It has to be necessary, fair and transparent. Many organisations fail to meet these requirements are put themselves at risk. Find out more about good process in this reference document

How frequent should GDPR Data Protection Training be?

This a frequently asked question and one we attempt to answer. The one over-arching answer is to risk assess, many find this too vague so we try to be more helpful in this guide

The ICO guide to the PECR – PDF

The ICO is responsible for overseeing adherence to the PECR. This PDF document summarises all, alternatively see the ICO website

FAQ - Frequently Asked Questions about this Training

If you can’t find the answer you’re looking for, feel free to contact our support team.

Why should you use Concrew Training?

Specialist HR, Employment Law & Compliance training provider
We reference to official Government bodies such as ACAS, ICO, EHRC
Content tailored to your policies and procedures
CPD certificates included
12 months of post-course support
UK-wide delivery
Online and face-to-face options
Open and transparent pricing

What information is available on course content?

We publish detailed course overviews for all courses. These provide indicative content based on the course learning plans. Final content is tailored to each client’s individual requirements.

What other information is available on individual courses?

Free reference guides and resources to help employers evaluate training quality and improve workplace compliance

Downloadable resources available via our website
Customer feedback and testimonials published on our website

Can you include our company policies and procedures in the training?

Yes. We actively encourage this approach. Including your policies and procedures helps demonstrate how, where, and why good practice applies within your organisation. This contextualises the learning, improves engagement, and increases the practical value of the training. There is no additional charge for incorporating your policies and procedures.

How long do Concrew Training courses last?

Standard courses: 6 hours of learning (approx. 7 hours including breaks)
Condensed 3-hour sessions available
Extended sessions or multi-day programmes available

How many people can attend each course?

Online courses: up to 15 participants
Face-to-face courses: up to 20 participants
Whole workforce awareness sessions: available for larger groups

Where does Concrew Training deliver training?

Online: via your preferred video conferencing platform (Zoom, Teams, etc.) across the UK
Face-to-face: on your premises in England, Scotland, and Wales

How much does your training cost?

Typical prices range from £800 to £2,000 excluding VAT. Final cost depends on course duration, location, number of participants, and payment terms.

Full pricing details available on our website
No hidden charges
Formal quotations remain valid for 30 days

What are your courses like?

Our courses are delivered as interactive workshops rather than traditional lectures, and typically include:

Subject specialist input
Interactive quizzes
Group discussions
Practical exercises
Real-world case studies

We incorporate your organisation’s policies and procedures wherever possible to ensure the learning is relevant, engaging, and immediately applicable.

Who delivers the training?

Training is delivered by experienced subject specialists with extensive knowledge in their field. Our trainers:

Have significant practical experience
Can answer most participant questions during the session
Provide follow-up responses for complex questions
Are skilled facilitators who make technical subjects engaging

Do you issue CPD certificates?

Yes. All participants receive a CPD certificate detailing learning hours completed and headline course content.

Who uses your training services?

We work with organisations of all sizes, including:

Large international organisations
Public sector employers
Charities and not-for-profits
SMEs and local businesses

Attendees commonly include directors, senior leaders, HR professionals, operational managers, line managers, employee representatives, and staff teams. Customer feedback and testimonials are available on our website.

Why should I book a Concrew Training course?

Our training is:

Delivered live by subject specialists
Designed for real-world application
Suitable for teams of up to 20 participants
Available face-to-face in England, Scotland, and Wales
Available online across the UK
Practical, engaging, and immediately applicable
High-quality and competitively priced

Suitable for directors, senior leaders, HR teams, operational managers, line managers, staff teams, and employee representatives.

How far in advance should we book training?

We recommend booking training 2–3 months in advance. Availability is generally good with a three-month lead time. Dates are only reserved once a booking is confirmed. Short-term bookings may be limited.

How do I book a course?

Complete our quote request form
Receive a formal quotation and provide any delivery details
Confirm your booking
Receive a formal Delivery Confirmation and “What Happens Next” guidance

Is there anything else I will need to do?

For online courses

Schedule the event on your video conferencing platform
Share joining details with attendees
Provide the trainer profile and course overview

For face-to-face courses

Book the room/venue and required equipment
Share trainer details and course overview with attendees
Print and provide handouts to the trainer prior to the session

After the course

Distribute post-course handouts and CPD certificates

How does your 12-month post-course support service work?

Email us with any training-related questions that arise following the course. We provide guidance and support relating to the training content covered.

Note: This service is not a substitute for legal advice.

What happens if I have more questions?

We’re here to help. You can contact us at any stage before, during, or after your training programme, and we will be happy to answer any questions you may have.