PECR and e-Privacy Training Day

This one day workshop refreshes marketeers’ understanding of the UK and EU PECR, the rules and best practice they need to adhere to when marketing, building web sites, providing public access to Wi-Fi and compiling business directories.

It explains how the PECR extends and builds on the GDPR; for example the PECR applies even if you are not processing personal data and cannot identity the person you are marketing to or is using services you provide. It also highlights areas of divergence for those organisations that promote and market to European customers.

Following the UK’s exit from the EU the UK Government introduced new legislation relating to data protection, The GDPR and PECR. This new legislation is known as the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) (No.2) Regulations 2019. For simplicity these are usually referred to as the UK-GDPR and the UK-PECR.

Organisations that operate in or market to European Customers will need to adhere to these and the EU GDPR and PECR regulations.

The PECR regulations sit alongside the GDPR and data protection legislation. They are the lesser known, but potentially more important, they place strict rules on all organisations that:

  • Market by phone, email, text or fax.
  • Cookies or similar technologies on their web sites
  • Compile telephone or similar public directories

It is essential that all marketing, web design, and electronic communications personnel understand them fully.

For Whom
This one-day participative workshop is for all those involved in IT and/or direct marketing, building web sites, communicating to others via electronic means, offering or providing mobile or internet access including for example customer access to Wi-Fi.

Delegate Feedback

Content

1. The UK-PECR and UK-GDPR

  • Brief update and reminder on UK – GDPR
  • Key GDPR definitions relating to PECR – eg consent/processing/ 8 principles
  • Role of Information Commissioner on all laws including GDPR and PECR

Signposting other areas (briefly of GDPR not directly related to PECR)

2 An introduction to the UK- PECR
Including areas of divergence between UK-PECR and EU-PECR

  • Key definitions
    Different rules in PECR apply in different ways so it is important to understand the key terms used within the regulations
  • Electronic communications, networks and services
  • Providers of Services and Communications
  • Subscribers and Users, Corporate and Individuals
  • Marketing Rules
    The PECR restricts unsolicited marketing by phone, fax, email, text, or other electronic message. There are different rules for different types of communication. You will often need specific consent to send unsolicited direct marketing.

    • Direct Marketing, B2B, B2C
    • Electronic Marketing
    • Solicited vs Unsolicited
    • Consent, Opt in, Opt Out
    • International Marketing
    • Bought in third party marketing services
  • How the Rules Manifest themselves
    The PECR applies in a range of common situations often with very specific rules for each :

    • Email marketing
    • Telephone Marketing
    • Marketing by Faxes
    • SMS messaging and marketing
    • Viral Marketing
    • Behavioural Marketing
    • Third party lists and services
    • Blocking lists – TPS, FPS, CTPS
  • Web sites and Tracking
    • Cookies and active consent
      ( a 2019 survey estimated only 12% of companies are compliant)
    • Exemptions
    • Apps
  • Data Security
    • Obligations and appropriate measures
    • Notifying customers of security risks
    • Data breaches and ICO notifications
  • Data Processing
    • Traffic and location data
    • Consent
    • Record keeping
  • Service Providers
    • Billing
    • Caller line Identification
    • Directories
  • No PECR exemptions and Penalties for breaches
    Be warned, for most organisations there are no exemptions to PECR and the penalties for breaches can be severe. The only general exemptions are on the basis of national security, law enforcement and crime prevention.

3 Contextualising the PECR

Session 3 is a highly participative session that uses a mixture of quizzes and discussion that reinforce the learning and help participants to understand how, why and where the PECR is likely to impact on them and their organisation. This session also explores, where available, the participants’ organisation’s in house policies and procedures as well as the duties of care and vicarious liability placed on both organisations and individuals

  • The Employers Obligations under PECR
  • Employee Obligations under PECR
  • Typical Complaints to the ICO
  • Example Complaints including
    • Honda
    • Flybe
    • Royal Mail
    • Direct Choice Home Improvements

4 Changes to PECR and the New EU ePrivacy Regulations
Session 4 highlights that PECR is continually evolving and participants need to maintain an active knowledge of developments in this area. The end of the BREXIT transition period in December 2020 could lead to significant changes and in Europe new ePrivacy regulations loom. These are set to replace the EU-PECR and once finalised many rules within them could be adopted by the UK Government.

This session explores what is being considered for the new legislation

5 Workshop Close

A final opportunity for questions and clarification and the chance to consider what action may be needed on return to work.