Insights
We’ve given answers to some of the top questions charities have asked us around PECR and their email marketing campaigns
GDPR (General Data Protection Regulation) has been overshadowing charities since well before it came into effect in May last year. But GDPR is just part of a wider package of changes around how organisations handle personal data. PECR complements the GDPR regime and sets out more-specific privacy rights on electronic communication.
Charities that deal in any kind of email or electronic communications with donors and supporters also need to be aware of the risks of not complying with PECR, or potentially be open to the same damaging penalties that they face under GDPR. We’ve given answers to some of the top questions charities have asked us around PECR and their email marketing campaigns.
Please bear in mind that this is a quick guide! The advice below is a simplified overview - for the full regulation make sure you read all of the guidance on the ICO website. Or go here to read more on the specific guidance for direct marketing.
PECR stands for Privacy and Electronic Communications Regulations. Its complete title is ’The Privacy and Electronic Communications (EC Directive) Regulations 2003’. It is derived from the European ePrivacy Directive. Both GDPR and PECR sit alongside the Data Protection Act. The latest version of PECR launched on 9 January 2019, to cover some of the changes left by GDPR on 25 May 2018. PECR gives people specific privacy rights in relation to electronic communications. There are specific rules on:
PECR will apply to you if you:
PECR stipulates that you must not send marketing emails or texts to ’individual subscribers’ without specific consent.
PECR defines the means of gaining permission to send email marketing. Email marketing can be sent to individual subscibers with consent. For consent to be valid it must be:
Further requirements to meet new standards for consent under GDPR and PECR:
With the new standards, your existing data will need to be re-permissioned where:
Under PECR, you need to:
The ICO has several ways of taking action to change the behaviour of anyone who breaches PECR. They include criminal prosecution, non-criminal enforcement and audit. The Information Commissioner can also serve a monetary penalty notice imposing a fine of up to £500,000 which can be issued against the organisation or its directors.
Charities should do their own investigation online and read up on the guides and sources provided by the ICO, undergo an ICO self-assessment and make the most of online tool kits. It’s also worth getting clarification of your PECR position from an independent, professional assessor or by calling ICO helpline on 0303 123 1113.
Join us on the 11th of April for our webinar with Dell we will explore how AI is already impacting people and communities, the meanings of AI safety and AI literacy, and how charitable organisations can take action on digital and AI inclusion.