The Privacy and Electronic Communications Regulations (PECR) work alongside the UK GDPR to safeguard individuals' specific rights regarding electronic communications.
While the UK GDPR provides a comprehensive framework for data protection, PECR offers additional, specific rights relating to electronic communications. It addresses particular privacy risks arising from activities such as marketing calls, emails, cookies, and other forms of digital communication
Given the extensive access businesses now have to individuals through electronic communications — and the prevalence of such communications — these supplementary protections remain essential to ensure that the processing of personal data in the UK is conducted responsibly and lawfully.
Areas that PECR covers:
PECR sets out specific rules in several key areas relating to the use of electronic communications, including:
- Marketing by electronic means, including calls, texts, emails etc.
- The use of cookies and similar technologies
- Security of public electronic communication services
- Privacy of customers using communications networks or services regarding traffic and location data, itemised billing, line identification services and directory listings.
PECR will apply to you if you:
- Market by phone, email, text, or fax
- Use cookies or a similar technology on your website
- Compile a telephone directory (or similar public directory)
Accordingly, if you send electronic marketing or use cookies, you must comply with both PECR and the UK GDPR.
Compliance responsibilities and enforcement
PECR applies the same standard of consent as the UK GDPR, and there is significant overlap between the two regimes. However, there are important differences, so you must ensure compliance with both sets of rules.
For example, PECR can apply even where no personal data is being processed. In addition, the marketing rules under PECR still apply even when the individual you are contacting cannot be identified, and many of the rules extend protection to organisations as well as individuals.
Please see the ICO guidance on PECR for more details.
Failure to follow PECR rules could result in a fine, criminal prosecution, non-criminal enforcement, or an audit from the ICO in aimed at changing behaviour.
To avoid this risk, our lawyers can help your business maintain compliance with the UK GDPR and PECR rules by providing tailored advice and solutions.
Published 29 August 2025
