Compliance with PECR is required as part of the Data Protection Act UK, when marketing to consumers via email and SMS, whereas in telemarketing (except automated calls), PECR allows for an opt-out approach, provided the data is screened against TPS and where applicable CTPS.
To rely on legitimate interests for digital marketing, organisations must ensure the following:
The email address and SMS number were collected during the sale of goods or services (although the person does not need to have completed the purchase). The marketing communications must be about similar goods or services to those purchased or enquired about.
Most importantly, someone must be given an opportunity to object to electronic marketing, each time they are sent a marketing message, as well as at the time the data was collected.
Business-to-business (B2B) marketing (defined as limited, public limited companies and public bodies such as schools and hospitals) are not covered under PECR, which means that you do not need prior consent in order to send emails or SMS communications.
Marketers may therefore be able to use legitimate interests for B2B campaigns.
Email addresses of corporate employees can be licensed for third party email campaigns. Legitimate interests would be used to process this personal data as long as all the following criteria are fulfilled:
A corporate is defined as a limited company, public limited company, limited liability partnership or government department and can be emailed without prior consent (eg. joe.bloggs@examplelimited.com).
Employees of corporates must be given the option to easily unsubscribe or opt-out from receiving email marketing.
The product or service being promoted can be purchased by the recipient in a professional capacity.
The sender must identify itself and provide contact details.
Any existing customer OR prospect that is a corporate body (a limited company, public limited company, limited liability partnership or government departments) could be emailed using the legitimate interest route.
When emailing a corporate, you must a) give them the option to easily unsubscribe from receiving further communications, b) the product or service being promoted must be able to be purchased by the recipient in a professional capacity and c) you must identify your company and provide contact details.
You can read more about PECR on the ICO website: https://ico.org.uk/for-organisations/guide-to-pecr/what-are-pecr/
PECR specifically addresses electronic marketing channels, rather than offline channels such as direct mail. This means consent is not required for direct mail or telephone marketing (unless it is for automated calls or to individuals registered with TPS or CTPS).It is worth keeping in mind that PECR is subject to change.
It is informed by the ePrivacy Directive, which is being reviewed by the EU and will become the ePrivacy Regulation in the future. This could potentially impact the soft opt-in, however the final text has not yet been agreed. The latest version of the ePrivacy Regulation retains the existing customer soft opt-in.
When you visit my website, information may be saved on your computer in form of a “cookie” which is then automatically recognised during you next visit to the site. Cookies are small text files which are sent from a web server to your browser and stored on the hard drive of your computer. No personal data of the user are stored, except from the Internet protocol address. This information is used to automatically recognise you during your next visit to our website and to facilitate navigation. Cookies enable me, for instance, to customise a website in line with your interests, or to store your password so that you do not have to enter it again before every visit to the website. Of course, you can also view my website without cookies. If you do not wish me to recognize your computer, please adjust your web browser settings accordingly. You can set your browser to block cookies before a cookie is saved by selecting the option “block all cookies”. For full details about how this works, please read the browser manufacturer’s instructions. However, if you do not accept cookies, you may limit the functionality of my services.
This website uses Google Analytics, a web analytics service from Google Ireland Ltd (“Google”). Google Analytics uses “cookies” which are text files stored on your computer that provide an analysis of use of the website by you. The information generated by the cookie about your use of this website will generally be transmitted to and stored by Google on servers in Ireland. Through the activation of IP anonymisation on this website, your IP address will first be truncated by Google within the area of Member States of the European Union or other contracting parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information in order to assess your use of the website, to create reports on website activity and to generate services linked to the website and internet use for the website operator. The IP address that your browser transmits within the scope of Google Analytics will not be associated with any other data held by Google.
You can prevent cookies from being stored via a setting of your browser software; however, please note that in this case, you may not be able to use all features of this website fully. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) for Google as well as the processing of these data by Google by downloading and installing the browser plugin available on the Google website.
Alternatively to the browser plug-in or within browsers on mobile devices, please set an opt-out cookie, which will prevent future data collection by Google Analytics within this website (this opt-out cookie only functions in this browser and only for this domain). If you delete your cookies in this browser you must set an opt-out cookie again.