Is your business PECR ready?

For well over a year, the General Data Protection Regulation (GDPR) has dominated headlines for how it’ll create a marked shift in the way that business can digitally interact with customers and prospects. However, there is another law concerning electronic communications that is also getting a major overhaul that may have escaped your attention, the Privacy and Electronic Communications Regulations (PECR).

The PECR has existed since 2003 and is getting a major overhaul to supplement the GDPR and update electronic marketing rules. Think of the GDPR as the overarching data protection law, while the PECR applies those principles to electronic communications, such as email, cookies and texts. The new PECR introduces rules to simplify cookies, ban unsolicited electronic communications if users haven’t given their consent and incorporate the GDPR’s two-tiered fine structure.

EU lawmakers intend for proposed PECR changes to take effect on 25 May, the same as the GDPR, but there’s significant doubt as to whether they will make that deadline. These PECR changes are still in draft form, but you should still prepare for compliance starting 25 May.

One of PECR’s biggest proposed changes is making all forms of electronic marketing reliant on opt-in consent. Like the GDPR, this means pre-ticked boxes will not suffice. This will even apply to business-to-business communications, as under the GDPR, you need a lawful basis to process ‘personal data’, which is any information that can be used to identify an individual. This means that, would classify as personal data that requires John’s consent before you can market to him through email, even though it’s a business address.

But, this doesn’t sound the death knell for electronic marketing—it just changes it. Instead of inaccurate marketing email blasts that blandly ask for consent, gain consent under the new rules by providing prospects with a piece of relevant, useful content that incentivises them to tick that box. Other PECR- and GDPR-compliant electronic marketing strategies include obtaining double opt-in consent from prospects and ramping up your social media advertising.

For more information on the new PECR rules and how you can comply, read the EU’s press release and stay updated on the ICO’s page.

To learn more about the services we supply and how we can help your business with risk management and compliance simply visit our website at or get in touch via email