Information Security and GDPR

Information security

Assess your compliance with data protection in the specific areas of information and cyber security policy and risk, mobile and home working, removable media, access controls and malware protection.

Privacy and Electronic Communications Regulations

The PECR regulates cookies, tracking, and regulates marketing and other “unsolicited” electronic communications.

Although the PECR is often known as the “cookie law”, it stretches further than that. It is based on the EU’s e-Privacy Directive, and covers the security of any electronic communications offered to the public, as well as privacy around billing and location information on communications networks.

The PECR was updated in 2019 to incorporate GDPR’s definition of consent. The rules are set to change again under the EU’s upcoming ePrivacy Regulation.

“Since the introduction of GDPR, organisations now need to ensure compliance with PECR and the GDPR when considering their marketing strategies,” says Gareth Oldale, partner and head of data privacy and cybersecurity at law firm TLT.