Understanding Privacy & Electronic Communications Regulations Laws
Digital Marketing Rules in the UK
Privacy & Electronic Communications Regulations
We provide reliable and professional legal advice on Privacy and Electronic Communications Regulation. This covers the use of cookies and similar technologies, as well as electronic communications like marketing calls, or emails.
What is the difference between PECR and GDPR?
GDPR governs individual rights while PECR governs electronic communications. Both work independently and together and are overseen by the ICO which then enforces the law.
What areas does PECR cover?
PECR regulations cover the following 5 areas related to electronic communications:
Privacy of communications – It provides specific protections for the privacy of electronic communications, such as email and instant messaging, by requiring that such communications are intercepted only in accordance with the law.
Cookies and similar technologies – It requires websites to obtain informed consent from users before placing cookies or similar technologies on their devices.
Marketing communications – It sets out specific rules for sending electronic marketing communications, including telemarketing calls, faxes, emails, and text messages.
Location data – It regulates the use of location data, including GPS and Wi-Fi positioning data, collected through electronic communications services.
Traffic and device data – It requires that traffic and device data collected in the course of providing electronic communications services is processed in accordance with data protection principles.
Does PECR still apply in the UK?
Yes, since leaving the EU, the UK has adapted the EU legislation into UK law.
How does PECR apply to me?
Under the current PECR laws, organisations are allowed to market other organisations (B2B) without consent. Organisations can also market individual’s with their consent, and sometimes using soft opt-in. At WDPS we help organisations navigate the differences.
Are you aware that PECR law is changing? Under the old legislation organisations could be fined up to a maximum of £500,000 for not following the rules. Under the new Data (Use and Access) Act this increases to be in line with GDPR. Organisations who fail to follow the rules could face a fine of up to €20 million or 4% of annual global turnover, whichever is greater. This is set to come into force in 2026.
Stay ahead with expert data protection tips
Get practical advice, legal updates, and exclusive insights.
PECR Rules
Below is a list of marketing rules that apply when dealing with both business and individuals including sole traders.
Direct marketing rules explained | Consent | Sale or negotiation exception | Mailing Preference Service |
Postal marketing | |||
Individuals (including sole traders) | Not required | Not required | Check Mail Preference Service |
Organisations | Not required | Not required | Not required |
Email and SMS | |||
Individuals (including sole traders) | ✓ | ✓ | ✓ |
Organisations | Not required | Not required | Not required |
Live Sales Phone Calls | |||
Individuals (including sole traders) | Not required | Not required | Not required |
Organisations | Not required | Not required | Not required |
Automated (Pre Recorded) Calls | |||
Individuals (including sole traders) | ✓ | Not required | Check Telephone Preference Service |
Organisations | ✓ | Not required | Check Corporare Telephone Preference Service |
Under PECR rules, organisations are allowed to email a sole trader at a generic address such as info@ without consent. However, if the organisation was to then email the same trader at their personalised address they would need consent as this is classified as personal data as it uses the individuals name.
An organisation can market to individuals via email and post if they have consent. This can be obtained in a number of ways, one of them being soft opt-in. This is during the sale or negotiation of a product or service.
Content reviewed by Clara Westbrook
Clara Westbrook is a qualified solicitor and non-practising barrister with over 25 years’ experience in data protection, and commercial law.
She is the founder of Westbrook Data Protection Services Ltd, a consultancy providing GDPR compliance advice, DSAR support, audits and contract reviews for organisations across the UK. Clara has previously held senior legal and compliance roles at Burberry, WarnerMedia, Richemont and IMS Health.
Contact us
If you would like to know more about marketing laws, email us today. You can also call us on +44 (0)79769 39016 Please leave your details and we will be in touch.
Westbrook Data Protection Services Limited
2nd Floor, Midas House, 62 Goldsworth Road , Woking, Surrey, GU21 6LQ
Frequently Asked Questions
What is PECR and who does it apply to?
PECR, or the Privacy and Electronic Communications Regulations, governs electronic communications such as marketing calls, emails, cookies, and location data. It applies to organisations interacting with both businesses and individuals, including sole traders.
Does PECR law still apply in the UK after leaving the EU?
Yes, PECR still applies in the UK. Since leaving the EU, the UK has incorporated EU legislation into UK law to ensure continued regulation of electronic communications.
How does PECR impact marketing strategies for businesses?
Under PECR, organisations can market to other businesses (B2B) without consent, but must have consent to market to individuals through email and post, often using soft opt-in during sales or negotiations.
What are the key areas covered by PECR regulations?
PECR covers the privacy of communications, cookies and similar technologies, marketing communications, location data, and traffic and device data, ensuring these are managed in accordance with legal protections and data principles.
What are the upcoming changes to PECR law and the potential consequences for non-compliance?
PECR law is set to be amended with the new Data (Use and Access) Act coming in 2026. Non-compliance could result in fines up to €20 million or 4% of global turnover, comparable to GDPR penalties.