Compliance with PECR is required when marketing to consumers via email and SMS, whereas in telemarketing (except automated calls), PECR allows for an opt-out approach, provided the data is screened against TPS and where applicable CTPS.
To rely on legitimate interests for digital marketing, organisations must ensure the following:
The email address and SMS number were collected during the sale of goods or services (although the person does not need to have completed the purchase). The marketing communications must be about similar goods or services to those purchased or enquired about.
Most importantly, someone must be given an opportunity to object to electronic marketing, each time they are sent a marketing message, as well as at the time the data was collected.
Business-to-business (B2B) marketing (defined as limited, public limited companies and public bodies such as schools and hospitals) are not covered under PECR, which means that you do not need prior consent in order to send emails or SMS communications.
Marketers may therefore be able to use legitimate interests for B2B campaigns.
Email addresses of corporate employees can be licensed for third party email campaigns. Legitimate interests would be used to process this personal data as long as all the following criteria are fulfilled:
A corporate is defined as a limited company, public limited company, limited liability partnership or government departments and can be emailed without prior consent (eg. firstname.lastname@example.org).
Employees of corporates must be given the option to easily unsubscribe or opt-out from receiving email marketing.
The product or service being promoted can be purchased by the recipient in a professional capacity.
The sender must identify itself and provide contact details.
Any existing customer OR prospect that is a corporate body (a limited company, public limited company, limited liability partnership or government departments) could be emailed using the legitimate interest route.
When emailing a corporate, you must a) give them the option to easily unsubscribe from receiving further communications, b) the product or service being promoted must be able to be purchased by the recipient in a professional capacity and c) you must identify your company and provide contact details.
You can read more about PECR on the ICO website: https://ico.org.uk/for-organisations/guide-to-pecr/what-are-pecr/
PECR specifically addresses electronic marketing channels, rather than offline channels such as direct mail. This means consent is not required for direct mail or telephone marketing (unless it is for automated calls or to individuals registered with TPS or CTPS).It is worth keeping in mind that PECR is subject to change.
It is informed by the ePrivacy Directive, which is being reviewed by the EU and will become the ePrivacy Regulation in the future. This could potentially impact the soft opt-in, however the final text has not yet been agreed. The latest version of the ePrivacy Regulation retains the existing customer soft opt-in.