PECR and e-Privacy Training Day

Our one-day PECR and ePrivacy day explains the privacy and electronic communications regulations in a fun and effective manner

The PECR ( Privacy and Electronic Communications Regulations ) and the pending ePrivacy regaultions compliment the General Data Protection Regulations ( GDPR ). They place stringent rules on websites, mobile networks, public Wi-Fi and ALL electronic marketing activities.

Understanding the PECR and ePrivacy is essential for all those involved in web design and online marketing including newsletters

Sitting alongside the GDPR and data protection legislation are the lesser known, but potentially more important, Privacy and Electronic Communications Regulations (PECR). These regulations place strict rules on all organisations that:

  • Market by phone, email, text or fax.
  • Cookies or similar technologies on their web sites
  • Compile telephone or similar public directories

The PECR recognises that public access to Wi-Fi, Mobile Networks and the internet offer opportunities they are also present risks to the privacy of service users. The PECR is designed to minimise the risk of loss of privacy to service users. The PECR were updated in 2018 to improve their alignment with the GDPR and further changes are pending.

This one day workshop refreshes marketeers understanding of the PECR, the rules and best practice they need to adhere to when marketing, building web sites, providing public access to Wi-Fi and compiling business directories.

It explains how the PECR extends and builds on the GDPR; for example the PECR applies even if you are not processing personal data and cannot identity the person you are marketing to or is using services you provide.

For Whom
This one-day participative workshop is for all those involved in IT and/or direct marketing, building web sites, communicating to others via electronic means, offering or providing mobile or internet access including for example customer access to Wi-Fi.

Delegate Feedback


  1. The PECR and GDPR
  • Brief update and reminder on GDPR
  • Key GDPR definitions relating to PECR – eg consent/processing/ 8 principles
  • Role of Information Commissioner on all laws including GDPR and PECR
  • Signposting other areas (briefly of GDPR not directly related to PECR)

2. An introduction to the PECR

Key definitions
Different rules in PECR apply in different ways so it is important to understand the key terms used within the regulations

  • Electronic communications, networks and services
  • Providers of Services and Communications
  • Subscribers and Users, Corporate and Individuals

Marketing Rules
The PECR restricts unsolicited marketing by phone, fax, email, text, or other electronic message. There are different rules for different types of communication. You will often need specific consent to send unsolicited direct marketing.

o Direct Marketing, B2B, B2C
o Electronic Marketing
o Solicited vs Unsolicited
o Consent, Opt in, Opt Out
o International Marketing
o Bought in third party marketing services

How the Rules Manifest themselves
The PECR applies in a range of common situations often with very specific rules for each :
o Email marketing
o Telephone Marketing
o Marketing by Faxes
o SMS messaging and marketing
o Viral Marketing
o Behavioural Marketing
o Third party lists and services
o Blocking lists – TPS, FPS, CTPS

Web sites and Tracking
o Cookies and active consent
o Exemptions
o Apps

Data Security
o Obligations and appropriate measures
o Notifying customers of security risks
o Data breaches and ICO notifications

Data Processing
o Traffic and location data
o Consent
o Record keeping

Service Providers
o Billing
o Caller line Identification
o Directories

No PECR Exemptions and Penalties for Breaches
Be warned, for most organisations there are no exemptions to PECR and the penalties for breaches can be severe. The only general exemptions are on the basis of national security, law enforcement and crime prevention

3. Contextualising the PECR
Session 3 is a highly participative session that uses a mixture of quizzes and discussion that reinforce the learning and help participants to understand how, why and where the PECR is likely to impact on them and their organisation. This session also explores, where available, the participants’ organisation’s in house policies and procedures as well as the duties of care and vicarious liability placed on both organisations and individuals

  • The Employers Obligations under PECR
  • Employee Obligations under PECR
  • Typical Complaints to the ICO
  • Example Complaints including
    o Honda
    o Flybe
    o Royal Mail
    o Direct Choice Home Improvements

4. New e-Privacy Regulations
Session 4 highlights that PECR is continually evolving and participants need to maintain an active knowledge of developments in the area e-Privacy. New e-Privacy regulations were due to come into effect with the GDPR but delays mean these new regulations have still to be implemented.

This session also speculates on what could be included within this new regulation:
• Social Media ?
• More stringent Consent Standards ?
• Web site privacy settings consent ?

5. Workshop Close
A final opportunity for questions and clarification and the chance to consider what action may be needed on return to work.