
GDPR, PECR... really? I have to comply with both?

3 months ago by Alison Owen

Since the GDPR became law last month, there has still been confusion surrounding the more specific terms of the PECR.

Here at Volcanic, we set out to make things a little clearer for the recruitment industry.

To give them their full title, the Privacy and Electronic Communications (EC Directive) Regulations 2003 - or the PECR - are derived from European law. They implement European Directive 2002/58/EC, also known as the e-privacy directive. 

The e-privacy directive sets out privacy rights on electronic communications. It recognises that the widespread access we have to digital mobile networks and the internet opens up new possibilities for businesses and users, but also that this level of accessibility brings new privacy risks.

Are the PECR superseded by the GDPR?

The PECR sit alongside the GDPR.  

The EU is currently replacing the e-privacy directive with a new e-privacy regulation to sit alongside the GDPR. However, the new regulation is not yet agreed. So for now, the Privacy and Electronic Communications Regulations (PECR) continue to apply alongside the General Data Protection Regulation (GDPR).

So what’s the difference between PECR and GDPR?

The key difference is that the GDPR relates to the processing of personal data, while the PECR relate specifically to electronic marketing and have specific rules on:

  • marketing calls, emails, texts and faxes
  • cookies
  • keeping communications services secure
  • customer privacy regarding traffic and location data, itemised billing, line identification and directory listings.

Do the PECR apply to me?

The PECR will apply to you if you:

  • market by phone, email, text or fax
  • use cookies or a similar technology on your website
  • compile a telephone directory or a similar public directory.

How does this fit with the GDPR?

The fundamental change here is that the GDPR changes the underlying definition of consent. Existing PECR rules continue to apply, but using the new GDPR standard of consent.

This means that if you send electronic marketing or use cookies or similar technologies, you must comply with both PECR and the GDPR.

In particular, it’s important to realise that the PECR apply even if you are not processing personal data. For example, many of the rules protect companies as well as individuals, and the marketing rules apply even if you cannot identify the person you are contacting.

So what about cookies?

Although cookies are governed by the PECR, the regulations do not set out exactly what information you must provide or how to provide it – this is up to you.

Regulation 6 of the PECR states that you should:

  • Tell people that the cookies are there

  • Explain what the cookies are doing and why

  • Get the individual’s consent to store a cookie on their device.

To be valid, consent must be freely given, specific and informed, and must involve some form of positive action. This consent should be unbundled from other information in your website, such as your privacy policy. Consent does not necessarily have to be explicit ‘opt-in’ consent, as implied consent can also be valid, as long as users understand that their actions will result in cookies being set.

This consent should be obtained from the subscriber or the user and, in practice, you may not be able to tell who is a subscriber or a user. The key will be that valid consent has been provided by one of them.

If you'd like any help with your recruitment website's compliance, get in touch.

Useful links

These links give detailed information and will be regularly updated by the ICO.
