What is PECR all about?
PECR sets out what you can and can’t do when it comes to direct marketing.
If you dabble in any type of direct marketing to customers (telemarketing, email, SMS, direct messages via social media) then you must abide by the rules of The Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR).
The regulations dictate what you must consider when telemarketing, like adhering to the rules of the Telephone Preference Service (TPS) or people’s preferences for your marketing. Likewise, they tell you what you can do with electronic marketing such as emails or automated calling, and when you need consent.
What is direct marketing?
Direct marketing is the communication by whatever means of advertising or marketing material which is directed to particular individuals. It covers any form of marketing when you are doing so to named people. It can be in any form, via phone, email, SMS, direct messages via social media and so on.
Many companies are doing it but are not always aware that they are engaged in direct marketing, which could be contacting people who have previously indicated an interest in a product or service.
If you are doing any kind of outbound marketing, then you really should consider whether it is ‘direct’. Do you have the names of the people you are trying to sell your products or services to? Are you using their details to contact them? If yes, then it’s direct marketing.
Why does it matter?
The Information Commissioner’s Office (ICO) are essentially the data protection police. People often worry about minor breaches of data protection laws and getting in trouble with the ICO, but it is breaching direct marketing laws – namely PECR - that should be of most concern, as PECR is also monitored by the (ICO).
The cases that the ICO are generally most interested in are the alleged breaches of these direct marketing laws. Breaches that can cost businesses up to £500,000 in fines, prohibition on their business activities and serious damage to their commercial reputations. Not forgetting the potential liability of the company directors for the same eye-watering fines - and disqualification if the fines are not paid.
Yes, the UK General Data Protection Regulation (GDPR) and Data Protection Act (DPA) are important, but companies often overlook, or in lots of cases aren’t aware of the rules that they are most likely to fall foul of, The Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR).
What can I do about it?
If you are found to have breached PECR, the ICO will send you correspondence asking you to detail how you are adhering to the regulations, including how you ensure subscribers have consented to receiving direct marketing from you and critically, they will request ‘copies of any policies, procedures and training materials used to inform staff about compliance with PECR’.
This last point matters more than most because, as a solicitor who specialises in helping companies navigate ICO investigations, I find that in almost all cases, companies do not have training in place and therefore cannot provide the ICO with sufficient evidence that their staff know how to deal with direct marketing.
So in terms of what you can do about PECR regulations, first and foremost, you should be ensuring your staff are properly trained, which is why I have created a specific online training course for any company involved in direct marketing.
I have vast experience as a specialist solicitor in this area of regulatory law and I work alongside some of the UK’s largest claims management, home improvement and call centre companies to ensure that they are training their staff to adhere to PECR regulations.
If your employees are found to be in breach of PECR, your company and you personally as a director will be held responsible and could both face a fine of up to £500,000.
This year alone, I have dealt with multiple cases of complaints. But by training your team appropriately, you can ensure your business remains compliant and commercially viable, whilst avoiding scrutiny from the ICO.
The Direct Market Laws online training course
If you want to ensure your teams are compliant with PECR regulations and demonstrate that your staff are well informed, you can enrol them on my online training course. They can complete the course at any time, at their own pace, it’s CPD -accredited and it’s a very reasonable £75+VAT per head.
I also offer bespoke in-house training for large groups. For more information, please contact me at andrew@andrewswanlaw.co.uk or on tel: 07907 308773.