What is GDPR and PECR?

What is GDPR?

GDPR came into effect across EU countries (including the UK) in May 2018. It:

  • Regulates the processing and handling of personal data by businesses
  • Gives individuals the right to know how their data has been processed
  • Gives individuals the right to prevent their data being processed

GPDR is different to the ePrivacy Directive where businesses must get consent to put cookies on people's computers.

GDPR will still apply to Britain after the Brexit transition period ends on 31 December 2020.

GPDR is in place to protect individual citizens, with the EU stating: "(GDPR) will increase the protection of people's private life and open up new opportunities for business."

What is PECR?

While GDPR is involved with the processing and handling of data, PECR is in place to define the way businesses can reach out to customers by email.

It makes clear distinctions between business-to-business (B2B) and business-to-customer (B2C) communications.

Please bear in mind Metric Central is only involved with B2B data.

We go into more detail about PECR and how it impacts our business databases below.

Please note PECR will be replaced with a new ePrivacy regulation shortly. We will update this page in line with the new regulation when it comes into effect.

How do we ensure data compliance?

We have taken as many measures as possible to ensure our data is GDPR and PECR compliant, and you can reach out to the contacts on your list with complete confidence.

These measures include:

  • We re-build our master business database every month using the latest information from our data sources. This means we always provide our customers with the most up to date information
    • We ensure information from businesses that have ceased trading as well as businesses that do not wish their contact information to be made public is removed from our databases
  • We have carried out due diligence on our data providers and have thoroughly read their own GDPR and PECR guidelines
  • We use legitimate interests for our contact details. In line with the PECR regulations, legitimate interests can be used to process personal data as long as the following criteria are fulfilled:
    • We only provide email addresses for 'corporate' organisations. A corporate organisation is defined as a limited company (Ltd), public limited company (Plc), limited liability partnership or local or national government department.
      • These companies can be emailed without prior consent.
      • We only provide corporate emails in our marketing databases; we do not provide details for partnerships or sole traders
    • Employees of corporates must have the option to unsubscribe easily or opt-out from receiving email marketing. We will remove any contact from our database who requests it
    • The product or service being promoted is able to be purchased by the recipient in a professional capacity
    • The sender of the email must identify themself and provide contact details
  • All records we supply are for either businesses with a UK-based address or an international company with a UK national office
  • Individuals are free to see what data we hold on file for them through a Subject Access Request (SAR) and can request this data is updated or removed. We will do this immediately
    • If the data has previously been supplied to one of our customers, we will contact them and ask them to remove the individual's data from their file and not to contact them

Our data retention policy

We do not store personal data for longer than is necessary.

Remember buying one of our prospect databases or having your existing CRM data audited does not automatically make you GPDR and PECR compliant.

You must follow guidelines when contacting prospective customers, including offering the option to unsubscribe on all communications and ensuring communications are segmented to ensure legitimate interest.

If you have any further questions about what we do to ensure compliance, we're happy to help. Contact us today at info@metriccentral.com for more information.

We will update this page if GDPR and PECR regulations change.

Our Privacy Policy