ePrivacy / PECR

Get Compliant. Stay Compliant.

ePrivacy / PECR

The Privacy and Electronic Communications Regulations (PECR) sit alongside the Data Protection Act and the GDPR. They give people specific privacy rights in relation to electronic communications.

Privacy and Electronic Communications Regulations (PECR) are changing to ePrivacy. The ePR will replace the 2002 ePrivacy Directive (the ‘cookies law’) and all member state laws that implement it – including the UK’s PECR (Privacy and Electronic Communications (EU Directive) Regulations 2003).

If you market by phone, email, text or fax, use cookies or compile public directories, the PECR currently apply. The ePR will be broader in scope and aim to ensure privacy in all electronic communications; including over-the-top service providers such as instant messaging apps and VoIP (Voice over Internet Protocol) platforms, and machine-to-machine communications such as the IoT (Internet of Things).

The ePR will have the same territorial scope as the EU’s GDPR (General Data Protection Regulation), carry an identical penalty regime for non-compliance and was intended to come into effect on 25 May 2018. However, there have been delays and it is likely to come into force in 2020.

CDS can assist your organisation in keeping its head above water when it comes to engaging in marketing activity and allowing you to maximise on opportunities whilst protecting your reputation.

Here are some examples of the types of marketing compliance solutions that we offer:

ePrivacy / PECR Services

If you are at the initial stages of planning your journey to PECR or the upcoming ePR compliance, a Gap Analysis is an ideal place to start. Our Gap Analysis is a brilliant initial audit to assess your current situation in terms of compliance and identify areas of non-compliance in relation to the current applicable laws including PECR & ePR. This can then form the basis of your roadmap to PECR & ePR compliance.

Key Differentiators:

  • Completely bespoke programme and schedule of work through consultative scoping
  • Thorough audit on site with a comprehensive review of policies and procedures. CDS will then deliver a tailor-made action plan to outline your roadmap towards compliance, creating a bespoke report of work outlining our findings.
  • Very quick turnaround, Get your report within 7 days of the site visit
  • A low cost/ High impact first step toward PECR & ePR compliance
  • Minimal disruption to BAU

Once CDS have carried out a gap analysis and provided a report listing all recommendations with a priority rating against each one, you will have a clear roadmap to PECR & ePR compliance. You can either implement these recommendations yourself or enlist our qualified practitioners to help implement and improve the areas of concern. Our qualified practitioners can take ownership of all or part of the PECR & ePR compliance plan and make sure that this has been implemented across the business.

Key Differentiators

    • All remediation consultancy is carried out by our fully qualified practitioners and consultants with over 10 years of industry experience.
    • Through our transparent and consultative approach, we can mentor incumbent resource on areas of compliance as part of the service.
    • CDS can be involved as much or as little as your require, with the ability to take complete ownership of a project and see it through to completion.
CDS can help you build a robust marketing framework for you organisation. Some examples of what this would cover are:
  • Devising compliant paper-based (postal mail) and electronic (e-mail, fax and social media) direct marketing strategies that meet GDPR and PECR/ePR requirements.
  • Advising on the types of activities that could constitute direct marketing for GDPR and PECR/ePR purposes.
  • GDPR and PECR/ePR prior consent requirements and developing compliant documentation, including terms and conditions, application and consent forms (on- and offline)

  • Key Differentiators
  • All consultancy work is carried out by our fully qualified practitioners and consultants with over 10 years of industry experience.
  • Through our transparent and consultative approach, we can mentor incumbent resource on areas of compliance as part of the service.
  • CDS can be involved as much or as little as your require, with the ability to take complete ownership of a project and see it through to completion.

Training is a large part of compliance. Creating policies, procedure and registers alone will not equate to PECR & ePR compliance. Organisations must then ensure that these policies, procedures, registers etc. are embedded and followed throughout the entire organisation. Regular training is the best way to make this happen.

CDS provide on-site training solutions bespoke to your organisation. Rather than generic training sessions, we use your policies and procedure etc. to tailor our training sessions to your organisation.

Key Differentiatiors:

  • Fully qualified and experienced trainers
  • Bespoke training solutions
  • Classroom based training
  • Interactive training sessions

CDS offer bespoke fully managed on-going annual support services. This allows your organisation to work towards and maintain PECR/ ePR compliance whilst controlling budgets and resources. Essentially, we become an extension of your compliance team or in some cases, we become your compliance team.

As well as taking care of any remediation action necessary based on the findings of the gap analysis, CDS can undertake ad-hoc consulting briefs and take ownership of implementing and delivering compliance projects. 

All bespoke support service agreements include access to a business hours helpdesk and a fully qualified on-site consultant. In order to provide costings for this service, CDS would agree with you how often you would like your on-site consultant to visit and how much remote support desk assistance you would require. Using this information, CDS can provide you with an annual cost for the service.

Key Differentiators

    • Tailored / bespoke contracts to meet your exact requirements
    • Low cost and effective support partner
    • Full spectrum support for all PECR & ePR compliance requirements
    • Fully qualified professionals with considerable industry and legal experience
    • Remote and on-site support provided

CDS provide a business hours Support Desk for any remote support and guidance, this includes any queries in relation to PECR & ePR. Any queries, questions or complaints you receive can be dealt by our senior team of practitioners who will resolve and come back to you with follow up actions and a resolution.

Key Differentiators:

  • Business hours support desk
  • Fully qualified professionals with considerable industry and legal experience
  • Our support desk can assist you in carrying out some activities relating to GDPR/DPA18 compliance, remotely. This can increase flexibility and reduce the additional costs of having a consultant on-site.

CDS have partnered with KnowBe4, the world’s largest integrated platform for awareness training combined with simulated phishing attacks. Their training platform covers data protection and cyber security. This training platform gives you access to a library of 900+ training items comprising of interactive modules, videos, games, posters and newsletters.

You can also use this platform to send simulated phishing attacks to your employees. You can then monitor and report on the outcome of these simulated phishing attacks in order to assess which staff members require refresher training.

Key Differentiators:

  • Engaging, Interactive Browser-based Training. The interactive training gives your users a fresh new learner experience that makes learning fun and engaging. With the optional gamification feature, users can compete against their peers on leaderboards and earn badges while learning how to keep your organisation safe from cyber-attacks.
  • Automated Security Awareness Program (ASAP). ASAP allows you to create a customised Security Awareness Program for your organisation to help you create and implement a fully mature training program in just a few minutes!
  • Phish Alert Button. KnowBe4’s Phish Alert add-in button gives your users a safe way to forward email threats to the security team for analysis, and deletes the email from the user’s inbox to prevent future exposure. All with just one click!