My Take On: Forget GDPR for a minute and keep your PECR up
Toby Walker, managing director of Workshop Marketing, on why in the rush to get GDPR-ready, many people are overlooking another key piece of email marketing legislation
With only days to go before the new data protection law comes into full effect, the number of requests I receive asking me to reconsent to marketing emails or agree to a new set of T&Cs is ramping up sharply.
The fact that this flurry of activity is happening so very close to the 25th May deadline serves as a clear indicator of just how confusing GDPR is for our industry and arguably how poorly the issue has been handled by the EU, UK Government and the ICO.
The first time I heard of the GDPR was back in November 2016 and since then, either I, or one of my colleagues, has attended every workshop, training session or talk about the subject that we could get a seat at.
What an eye opener that turned out to be… while every session added something to our collective knowledge, most of them also managed to introduce outlandish sounding ideas that warranted further investigation.
The kind of GDPR ‘must-do actions’ being put forward ranged from no longer being able to use the CC function on emails, to the assertion that all marketing communications will require consent.
Or that double opt-in for email marketing is part of the new law and that you need to record every single point of communication with every single person who contacts your business in whatever capacity.
The presentation this suggestion came from also recommended recording all phone calls and putting systems in place so you could put your hands on any given recording in a moments notice if the authorities were to come knocking.
On the face of it, these ideas could easily be believable, but could just as easily be the musings of someone living in cloud cuckoo land.
The trouble is, what and who to believe? With headline grabbing figures of a €20 million fine if you fall foul of GDPR, panic quickly ensues and some of the wilder ideas about how to comply begin to sound perfectly plausible.
What’s really worrying about some of the ideas flying around about GDPR, particularly from the point of view of a marketer, is what’s missing. A huge amount of marketing activity isn’t affected solely by GDPR. There is also another piece of legislation called PECR or the Privacy and Electronic Communications Regulations that governs electronic marketing communications (email, telephone, text or other ‘electronic mail’).
Sure, you need to comply with GDPR when it comes to processing data, but PECR dictates the communications you can actually send and it’s been in place since 2003. For example, it’s PECR that determines what kind of marketing emails you can send to your customers, if you can still use a ‘soft opt-in’ and what you can do with bought in data lists, amongst other things.
And getting it wrong can be costly. Honda, Flybe and Morrisons were all handed penalty fines for contravening PECR in 2017. So while everyone feverishly tries to deal with becoming GDPR compliant before the deadline, do yourself a favour and don’t forgot to keep your PECR up.