Privacy and data protection in direct marketing

The Privacy and Electronic Communications Regulations


The Privacy and Electronic Communications Regulations (PECR) sit alongside the Data Protection Act (DPA) and the UK General Data Protection Act (UK GDPR), and are the rules that govern how you conduct your electronic marketing, such as email or telephone. The regulations will also affect you if you use cookies on your website or if you operate telephone or similar directories.

Key elements of the regulations are that you must obtain consent before installing cookies on a user's machine and in some cases you must have the customer's specific consent to be able to send them electronic marketing. If an individual has opted out of receiving marketing information, you are not allowed to send it.

To comply with the regulations you must:

  • Ensure that you have the customer's consent to electronically market to them by phone, fax or email.
  • Identify yourself when you carry out marketing.
  • Provide appropriate contact details when sending marketing material or messages so that the individual or organisation receiving the marketing can contact you. This should be a postal address, email address or Freephone number.

For telephone marketing, you must identify yourself. You must also give your address or Freephone number if the person you are calling asks for it.

Businesses must tell visitors to their website that they use cookies and obtain their consent. You must also tell your site users how you use cookies.

For more information on the rules applying to different forms of electronic marketing, see electronic, email and telephone marketing regulations.