Even though there is much furore about the GDPR and its impact on businesses, there is another set of directives that also deal with the issue of data privacy and has been in force for a long time now. It is the Privacy and Electronic Communications Regulations (PECR). The PECR deals specifically within the premise of electronic communication; the major areas of concern being email marketing, telemarketing and the identification and collection of data within them.
The vision of both GDPR and PECR is same – to acknowledge that with the growth of digital networks and internet, there is also growing concern about citizen’s privacy. The scope of PECR is limited by the fact that it is more specific.
The PECR is based on the E-privacy Directive of 2002. The latest update to the E-Directive is in the pipeline and it could modify the current standing of the regulation, but is not to be expected till around 2019. Till then the PECR sits in conjunction with the GDPR as the accepted norm.
The pointers of the PECR
Every email marketer needs to be aware that they need compliance with both GDPR and the PECR from May 25, 2018. Both the regulations are valid for email marketing and while the GDPR has a broad scope, the PECR is more detailed. Failing to do so can invite strict infringement issues.
The following are guidelines to assist compliance with PECR.
PECR apply even if you are not processing personal data
In simple terms, PECR applies even to e-marketing and telemarketing, where personal data may not be involved. For example if the person called is not known or any identifiable data is not available, then also the PECR would be applicable and before making such a call, the procedure laid out needs to be followed.
Consent – the mandatory rule
According to the PECR, the marketing to any individual can be processed only if he has given his explicit consent to do so. The definition of consent in the PECR upholds the standard mentioned in the GDPR for the same, which is quite high and seeks to give direct control in the citizen’s hand.
The accepted way to obtain Consent is through the OPT-IN system as against the OPT-OUT one. Simply put, this happens when the user directly requests for the information to be sent to him. The opt-in system also defines that implied consent is no more acceptable and any user cannot be opted in by default.
Based on the above factors, the PECR lays out the difference between solicited and unsolicited marketing.
Requirements for a marketing email
There is a content requirement or a format for every mail that is intended for marketing.
– The purpose should be clear. If the mail aims at core marketing, that feature should be identifiable.
– A registered address must accompany the mail.
– An unsubscribe mechanism should be available in case the user wants to withdraw his/ her consent immediately.
Marketing messages will not be considered unsolicited if
– They are sent to existing customers or those in negotiation for a sale or service
– There is a provision of unsubscribe while collecting details and in every subsequent message.
With privacy being a serious concern today, there is pressing need to enforce the role of regulation. Not only is it imperative for companies to overhaul their processes and policies regarding privacy and data, but it is also important for citizens to know their privileges and rights and exercise them discerningly.