With all the attention on GDPR over recent months, its' easy to overlook one important piece of legislation that has as much of an impact on your mark
With all the attention on GDPR over recent months, its’ easy to overlook one important piece of legislation that has as much of an impact on your marketing strategy as GDPR – the Privacy and Electronic Communication Regulation (PECR)
What? More red tape?!
The PECR is not new – it’s a piece of legislation that has been around since 2003 (but amended a few times since).
So what’s it all about?
The PECR has specific rules around
- marketing calls, emails, texts and faxes;
- cookies (and similar technologies);
- keeping communications services secure; and
- customer privacy as regards traffic and location data, itemised billing, line identification, and directory listings.
What if I don’t send marketing emails?
If all you use our products for is the sending of transactional emails (those relating to the sale/letting of property) – then you don’t need consent for these emails. These emails are required for the performance of a contract you have entered into therefore consent is not required.
So why do I need to worry about it?
You need consent before sending unsolicited marketing by electronic means.
What about consent?
Consent under GDPR has an incredibly high standard for consent. It means that consent may not always be the most appropriate basis for processing data.
We’ve seen two approaches adopted by the industry:
- Use consent as the basis for processing personal data for marketing purposes; or
- Use the “soft opt-in” under PECR to obtain consent for marketing via electronic means and use legitimate interests as the basis for processing personal data
There’s a great article from the direct marketing association that discusses both approaches
If you use the second approach it’s important that you give the client the opportunity to opt out upon initial contact and at every subsequent contact.
There’s also a few key steps you are required to go through as defined by the ICO you need to:
- identify a legitimate interest;
- show that the processing is necessary to achieve it; and
- balance it against the individual’s interests, rights and freedoms.
It’s really important that you understand the ICO checklist for legitimate interests and keep the required documentation.
How will this work in the products?
We’ll talk about consent for marketing in our products in future articles and how to guides. We’ll be giving you plenty of detailed guidance ahead of 25th May to help you in your GDPR compliance journey.
Disclaimer: This article is based upon our understanding of the General Data Protection Regulation (GDPR). There are still some aspects of the GDPR which are undetermined or are awaiting guidance from the ICO. This should not be relied upon as legal advice nor how GDPR may apply to your organisation. We encourage you to work with a legally qualified professional to understand GDPR, how it applies specifically to your organisation, and how best to ensure compliance.