Electronic communication is a powerful tool. It can help us keep in touch with friends and family, stay informed about the world around us, and even get our jobs done. But it can also be an information security risk.
In the UK, electronic communication is governed by a law known as The Privacy and Electronic Communications Regulations (PECR). The regulation aligns with the EU Privacy Directive and the UK GDPR to establish privacy rights for electronic communications.
Here's all you need to know about PECR, including what it covers, to whom the regulation applies and how it can benefit your organisation.
In this blog post, we'll cover:
What is the relationship between the PECR and the UK GDPR?
Why is it important to comply with the PECR?
What is PECR?
PECR is a set of EU laws that regulate how electronic communications services work with each other, as well as how they interact with the public.
The goal of PECR is to provide consumers with an equal level of protection when using these services. For example, it prevents companies from collecting data about their users without consent and mandates that users be notified whenever their data has been exposed to a third party.
The PECR governs how companies must handle data when they use electronic communications to interact with consumers. The act provides all kinds of protections for individuals who are using these services, including:
- How much information can be collected
- Who gets access to it
- Where it can be stored (in a physical location vs. digital)
PECR has undergone a number of changes. The most recent changes were implemented in 2018 when it was decided to ban cold-calling for management services and introduce director accountability for major communication rule violations. They were changed in 2019 to include the UK GDPR definition of consent and to ban specific instances of cold calling for pension plans.
What does the PECR cover?
PECR covers all forms of electronic communications, including email, text messages, and conference calls. It also covers the collection of personal data in an electronic form by an entity other than a public authority or law enforcement agency that uses these forms of communication for marketing purposes.
It also includes taking caution of the following:
- Data quality, including the accuracy of personal data.
- Access to and correction of personal data.
- The time period that information remains available.
- Security measures for electronic communications services.
- Preventing access to personal data from third parties.
Who does the PECR apply to?
You might be wondering whether the UK's privacy law actually applies to you if you run a non-UK or non-EU business there. The PECR is applicable to non-UK and non-EU businesses if they are conducting business in the UK.
You must abide by the PECR and the UK GDPR if you sell goods and services or advertise to UK residents. The regulation requires that companies that provide electronic services, such as e-mail, internet browsing, online gaming, and social media platforms, must comply with privacy regulations.
This includes both individuals who use these services as well as businesses and organisations that offer them.
What is the relationship between the PECR and the UK GDPR?
The UK GDPR is a regulation that came into effect on May 25, 2018. It is a law that requires all organisations processing the personal data of EU and UK citizens to follow strict rules for handling that data and for protecting the privacy of users.
The PECR is a set of regulations that were established to protect the privacy of UK citizens. The PECR regulations are similar to UK GDPR in many ways, but they differ in some key details.
The UK GDPR and PECR share many similarities. Both laws were enacted to ensure that people's personal information is not shared with third parties without their express consent. Even though both laws are different in some ways, they have many commonalities that make them valuable tools for businesses and individuals alike.
Both laws also stipulate that organisations must obtain consent from customers before collecting or using personal information for marketing purposes. However, this requirement differs slightly from one law to another. Under PECR, organisations can only require opt-in for certain types of marketing communications. Under the UK GDPR, opt-in is required for almost any type of communication unless the consumer has explicitly consented otherwise.
Another major difference between PECR and UK GDPR is how each regulation approaches personal data processing. Personal data processing is defined as any operation or set of operations which permits access to personal information, whether or not by automatic means, such as through direct contact with individuals. In contrast, personal data processing under UK GDPR also includes automated processing, which requires no human intervention.
To sit alongside the EU version of the UK GDPR, the EU is in the process of replacing the present e-privacy regulation with a new e-privacy Regulation (ePR). As the UK has left the EU, the ePR will not instantly become part of UK law or coexist with UK GDPR.
Why is it important to comply with the PECR?
Privacy and electronic communications regulation is important for organisations because it protects the rights of individuals to privacy and confidentiality, as well as their ability to communicate freely.
Organisations need to be aware of these issues, so they can take steps to ensure that the privacy and confidentiality of their customers are protected. If a company does not have adequate safeguards in place, then its customers may feel that they do not have any control over how their information is used by other parties.
Additionally, if an organisation does not respect the privacy of its customers, this might lead to a negative public perception of the company's trustworthiness or reputation.
If an organisation is found not complying with the PECR, it can face fines of up to £500,000.
Need help with data privacy compliance?
PECR makes sure customer privacy in electronic communications is protected, keeping personal data secure and shielding organizations from misuse by others. Complying with PECR means organizations can manage customer data more wisely, enhancing how it's kept and shared.
DataGuard can help you achieve data privacy compliance. Schedule a call with our data privacy experts, and we'll guide you through it.
