PECR Training Course

Understanding the PECR for Marketing & ICT Teams

The UK Privacy & Electronic Communications Regulations

This one day workshop refreshes marketeers’ understanding of the Data Protection PECR rules and the good practice they need to adhere to when marketing, designing web sites and building mailing lists.

It explains how the UK-PECR extends and builds on the UK-GDPR. It also highlights areas of divergence for those organisations that promote and market to European customers.

The PECR regulations are the lesser known, relative to the GDPR, but potentially more important, they place strict rules on all organisations that:

  • Market by phone, email, text or fax.
  • Use Cookies or similar technologies on their web sites
  • Compile telephone or similar public directories

It is essential that all marketing, web design, and electronic communications personnel understand them fully and why PECR compliance is so important. (NB: The ICO issue for fines for PECR breaches than GDPR breaches)

For Whom
This one-day participative workshop is for all those involved in IT and/or direct marketing, building web sites, communicating to others via electronic means, offering or providing mobile or internet access including for example customer access to Wi-Fi.


session one explores the relationship between data protection, the GDPR and the PECR

  • Brief update and reminder on UK – GDPR
    Key GDPR definitions relating to PECR – eg consent/processing/ 8 principles
    Role of Information Commissioner on all laws including GDPR and PECR
  • Signposting other areas (briefly of GDPR not directly related to PECR)

An introduction to the UK- PECR
Session 2 explores areas of divergence between UK-PECR and EU-PECR before delving deeper into the UK rules and good practice

Key definitions
Different rules in PECR apply in different ways so it is important to understand the key terms used within the regulations

  • Electronic communications, networks and services
  • Providers of Services and Communications
  • Subscribers and Users, Corporate and Individuals

Marketing Rules
The PECR restricts unsolicited marketing by phone, fax, email, text, or other electronic message. There are different rules for different types of communication. You will often need specific consent to send unsolicited direct marketing.

  • Direct Marketing, B2B, B2C
  • Electronic Marketing
  • Solicited vs Unsolicited
  • Consent, Opt in, Opt Out
  • International Marketing
  • Bought in third party marketing services

How the Rules Manifest themselves
The PECR applies in a range of common situations often with very specific rules for each :

  • Email marketing rules
  • Telephone Marketing rules
  • Marketing by Faxes rules
  • SMS messaging and marketing rules
  • Viral Marketing
  • Behavioural Marketing
  • Third party lists and services
  • Blocking lists – TPS, FPS, CTPS

Web sites and Tracking

  • Cookies and active consent
  • Exemptions
  • Apps

Data Security

  • Obligations and appropriate measures
  • Notifying customers of security risks
  • Data breaches and ICO notifications

Data Processing

  • Traffic and location data
  • Consent
  • Record keeping

Service Providers

  • Billing
  • Caller line Identification
  • Directories

No PECR exemptions and Penalties for breaches
Be warned, for most organisations there are no exemptions to PECR and the penalties for breaches can be severe. The only general exemptions are on the basis of national security, law enforcement and crime prevention.

Contextualising the PECR
Session 3 is a highly participative session that uses a mixture of quizzes and discussion that reinforce the learning and help participants to understand how, why and where the PECR is likely to impact on them and their organisation. This session also explores, where available, the participants’ organisation’s in house policies and procedures as well as the duties of care and vicarious liability placed on both organisations and individuals

  • The Employers Obligations under PECR
  • Employee Obligations under PECR
  • Typical Complaints to the ICO
  • Example Complaints including
    Royal Mail
    Direct Choice Home Improvements

Crystal Ball – the future?
This session, 4, explores the latest changes and developments and how they may impact on data protection and privacy.

Our courses always carry the latest information on what is an ever changing legal landscape coupled with breaking news on actual cases resulting from successful prosecutions and/or learning points from ICO inspections.

Finally, we ensure that links are made in our workshops to other relevant statutes. For example online safety legislation.


Please Note: We always respect client privacy and confidentiality. We do not collate any identifiable delegate information on our course feedback forms. We only publish comments where express permission for marketing and promotional use, has been given.  The majority of delegates do not give this permission. 

  • “Fantastic”
  • “Very Good”
  • “The training was informative and engaging”


we won't chase you, we wont pester you, we won't add you to any mailing list

MORE - Data Protection Courses