On-Demand Capacity
Business Continuity

Privacy and Electronic Communication Regulations (PECR)

Extreme Flexibility
Demonstrably Simple
Continual Improvements

  topic image  

Privacy and Electronic Communication Regulations

This legal obligation is deply integrated with the Data Protection Act with some shared definitions.   Regulations apply where marketing material is directed to a named person - an email.   Marketing material includes everything that is not a transactional message such as an invoice that is mandated part of a business interaction.   If you are not sure, then it includes marketing, promotional, reference, appeal, rally etc..

  topic image  


1. Where the communication is a normal part of a current business transaction or interaction.
2. Where the communication is to a company such as "" rather than to a named person.

  topic image  

Security Breach

The UK Information Commissioners Office (ICO) must be notified within 24 hours of any data security breach.   A log of all breaches must be kept and all (impacted) customers must be notified.   A security breach is where data involving living people is lost, altered or disclosed.   This includes the loss of a computer, tablet or phone containing such CRM data.

  topic image  

Computer Theft

CRM data must never be stored on any desktop, laptop, tablet or phone.   Where a computer holding CRM data is stolen, the ICO may fine the company that permitted CRM data to be stolen.   Fines of up to 5% of worldwide revenue have been recommended.
Nationwide was fined £1.5 million after a thief broke into an Executives home and stole a laptop containing CRM data.   A sole trader was fined £5000 after a thief stole a laptop from the passenger seat of his car when stopped at traffic lights.
ACRM ensures that CRM data never needs to be stored on a local computer that may be stolen or lost.
  topic image  


Before a named person can be sent any marketing material such as a quotation, the named person must opt-in to recieve such marketing information.   A person may opt-in to recieve some kinds of material but not others - evidence must be recorded as to what, how and when the person opted-in.   Where a person has opt-in to recieve a specific product price that does not mean they have opted in to recieve other product price messages.   It is hard to imagine that a person could consent to third parties providing marketing material.
ACRM is designed to ensure that every message to a customer contact is fully compliant with PECR with regard to opt-in evidence.

  topic image  


Every communication with a named person must include the ability for that person to easily opt-out of recieving any similar material.   Once a person has opted-out, they must not be sent any marketing material until after they have formally opted-in again.   Any marketing message to a customer contact without an easy opt-out button may be illegal.
ACRM is designed to ensure that every message to a customer contact is fully compliant with PECR with an opt-out button.

  topic image  


A key factor for PECR compliance is to ensure that when challenged, evidence can be provided to clearly demonstrate that the named person opted-in before any marketing material was sent to them.   An implied opt-in by telephone may not be adequate evidence to a court.   Pretending that sending a greeting card is not marketing material is not likely to work.
ACRM has built in procedures and methods of working that ensure that the company fully comply with the law - protection from people who like to claim damages.   Every communication with a customer contact is recorded, every opt-in is recorded, every opt-out is recorded and the contacts prefered contact method is always up to date - it may say NONE.
Privacy And Electronic Communication 24 Sep 2018 : 11:06Copyright © 2018 LeXica Ltd54.196.13.210 request 1 in 0.05 seconds