Many of our customers have asked us about the legal implications of B2B email (PECR), so we want to provide them with a helpful guide on how to comply with the regulations. We have created a quick guide and a comprehensive checklist to help our customers understand PECR and what they need to do to stay compliant. This will ensure that our customers have the information they need to successfully adhere to the regulations.
What is PECR?
The Privacy and Electronic Communications Regulation (PECR) is a key component of the regulations surrounding the usage and handling of data within the UK and Europe. PECR is a particular set of regulations designed to protect the privacy of individuals and businesses by regulating the use of electronic communications.
What does PECR cover and why is it important?
What are the consequences of not abiding by the PECR?
The ICO can take legal action against organisations and their “officers” (Director, Manager, Secretary, or another similar position) for PECR violations as of 17 December 2018. This could include criminal prosecution, non-criminal enforcement, audits, and penalties of up to £500,000.
What do I need to do?
With the PECR Compliance Checklist for B2B marketing and data handling in Europe, companies can help ensure they are adhering to the data protection regulations of the EU while also protecting their customers’ data.
Are you a 1 Stop Data customer in Europe who is interested in ensuring your business-to-business (B2B) data handling is compliant with the Privacy and Electronic Communications Regulations (PECR)? If so, it is essential to understand the obligations for B2B marketing under the PECR.
At 1 Stop Data, we understand the importance of PECR compliance and have created a simple checklist to ensure you are up to date with your obligations. By following this checklist, you can help ensure you are compliant, protecting your business from potential legal issues.
1. Consent (Opt-in):
Under PECR, you don’t always need to obtain opt-in consent to hold or use personal information. The regulations vary from country to country in Europe. For the UK specifically, whilst you do need an opt-in for B2C (Business to Consumer) marketing, you don’t need an opt-in for B2B (Business to Business) marketing. This means that B2B emails can be sent to executives at corporate bodies without opt-in, but it’s important to comply with opt-out rules, so you must provide an option to easily unsubscribe from marketing messages.
In order for any consent you do gather to be valid, it must be freely given (e.g. no pre-ticked boxes on forms), informed, and unambiguous. This includes obtaining explicit consent for any automated decision-making or profiling.
For more information regarding the countries that have different regulations, see our guide.
2. Keep Records:
You must be able to demonstrate where or how you obtained information. This should include where data was sourced from, when it was collected, and, where applicable, whether consent was given and by whom. You should periodically audit the data to ensure that any information you are using is valid and up to date. This includes verifying the accuracy of the records, removing any data that is out of date, and sending right-to-be-informed (RTBI) notifications to remind people that you hold their data and what it is used for, with an option to be removed.
For further help, you can download our comprehensive GDPR checklist to ensure compliant data processing and secure data handling.
Keep legitimate interest at the heart of your targeting. You should give careful consideration to audience profiling and targeting for your marketing. Are they the appropriate decision-makers and influencers to send your offer to? This will help keep you compliant and also help maximise your campaign’s potential for success. Some simple examples would be targeting IT Managers when promoting laptops, or targeting the facilities manager for cleaning and property maintenance products. You could also target someone in purchasing for either of those.
4. Be open and clear:
When collecting data and conducting your marketing, be sure to communicate effectively and clearly. Make sure your messaging is clear and concise, providing information on who you are, what data you are collecting, the purpose of the information, and how recipients can opt out. This will help ensure you are compliant with relevant regulations. Additionally, the sender must not disguise their identity and must provide a valid contact address for opt-outs. For marketing, companies must screen their own ‘do not contact’ lists for named employees and give them the option to opt out.
5. Respect Unsubscribes:
Whilst in the realms of PECR and B2B marketing, you do not have to provide an opt-out / unsubscribe option, although it is considered best practice to do so. With B2C marketing, however, you must provide an unsubscribe option and stop any marketing activities when requested. It is important to ensure that you respect any opt-outs. Brand reputation aside, there’s also no point wasting your valuable marketing budget on someone who doesn’t want to receive it. The process needs to be clear and easy to use.
6. Privacy by design:
Ensure that privacy is taken into account in all of your processes and procedures. Implement measures to protect personal data and take steps to ensure that individuals’ information is secure. Regularly review your practices to ensure that privacy is maintained and that any changes are compliant with relevant laws and regulations.
7. Password protect it!
Ensure that all members of your team are securely safeguarding data at all stages of interaction, even when utilising SFTP and other methods of transferring data.
1 Stop Data is at the forefront of data compliance. We appreciate the importance of PECR observance and are devoted to helping our clients ensure their B2B data handling and marketing activities are compliant.
1 Stop Data’s commitment to compliance and excellence ensures that our customers can trust the data we supply. Our services empower companies, giving our clients assurance that their data is compliant, and providing them with the confidence to engage with their target audience in a responsible and legally compliant manner.
Should you have any queries concerning PECR compliance, or need assistance with GDPR or any of the points stated in this checklist, contact us today.