PECR assessments are carried out to find vulnerabilities associated with personal data processing and many other aspects.
This blog is all about cookies and PECR assessments. The two are linked because PECR covers cookies and the audit that goes with them.
Cookies are small files containing letters and numbers that websites place on their visitors' computers. Although they are modest in size, they can collect information that visitors may not wish to share.
To provide precise information about PECR compliance, the Information Commissioner's Office (ICO) provides a cookie assessment as the first step.
This information will help you assess the cookies that are used on your organisation's website.
There are two kinds of cookies: session cookies and persistent cookies. Session cookies are stored temporarily and are deleted once the session is completed or the browser is closed.
Persistent cookies, also known as permanent cookies, hold the preferences and settings the user selects and make that information available in future sessions.
Both kinds of cookies, session and persistent, need to be analysed during the cookie assessment.
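The Python example below is added here and is not part of the original blog or of any ICO material. It shows how the session/persistent distinction can be read from captured `Set-Cookie` headers when building a cookie inventory. The function names, sample headers and assessment timestamp are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed sample data: Set-Cookie values as they might be captured from a site.
SAMPLE_HEADERS = [
    "sid=abc123; Path=/; Secure; HttpOnly",
    "prefs=lang-en; Max-Age=31536000; Path=/",
    "_track=xyz; Expires=Thu, 01 Jan 2026 00:00:00 GMT; Path=/",
    "old=; Max-Age=0; Path=/",
]
# Constructed assessment timestamp (the assessment records its date and time).
ASSESSED_AT = datetime(2025, 1, 1, tzinfo=timezone.utc)


def classify_cookie(header, now):
    """Return name, kind and lifetime in days for one Set-Cookie header value."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()

    try:
        # A valid Max-Age takes precedence over Expires (RFC 6265).
        expires_at = now + timedelta(seconds=int(attrs["max-age"]))
    except (KeyError, ValueError, OverflowError):
        try:
            expires_at = parsedate_to_datetime(attrs["expires"])
            if expires_at.tzinfo is None:
                expires_at = expires_at.replace(tzinfo=timezone.utc)
        except (KeyError, TypeError, ValueError):
            expires_at = None  # no usable expiry: kept only for the session

    if expires_at is None:
        return {"name": name, "kind": "session", "lifetime_days": None}
    days = round((expires_at - now).total_seconds() / 86400, 1)
    # A non-positive lifetime means the server is deleting the cookie.
    kind = "persistent" if days > 0 else "expired"
    return {"name": name, "kind": kind, "lifetime_days": days}


def inventory(headers, now):
    """Classify every captured header for the assessment record."""
    return [classify_cookie(h, now) for h in headers]


if __name__ == "__main__":
    print(*inventory(SAMPLE_HEADERS, ASSESSED_AT), sep="\n")
```

The lifetime column gives the analysis stage a concrete figure to weigh against each persistent cookie's stated purpose.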
A cookie assessment proceeds in two stages: data gathering and analysis of the assessment.
This is an in-house security assessment which will record the date and time of the assessment, who is doing the evaluation and information about any party reviewed during the evaluation.
The Data Gathering Stage
The data gathering stage has three separate areas of the website to assess, and the access for each assessment is different.
You must answer the following questions for each cookie.
Is this cookie really necessary?
Establish whether the information is crucial. If it really is, you cannot seek the explicit permission of the browser before setting the cookie.
How intrusive is the cookie?
An intrusive cookie reduces the user's privacy. The more intrusive the cookie, the more information you must provide to the user when obtaining consent.
What additional disclosure is required?
Analyse the outcome. If your analysis reveals that cookie tracking is not strictly required, or is more extensive than the PECR regulations permit, then you must take corrective action.
To complete the analysis, you must record the actions you are planning to take to make the cookie comply with PECR.
PECR is a piece of legislation, and this law will remain in place. It applies only to electronic channels such as telephone, email and SMS. PECR applies not only to B2B marketing but also to B2C marketing, such as sole traders, partnerships, unincorporated trusts and foundations, and their staff members.
PECR and GDPR are both pieces of legislation and are quite the same in many ways. Currently, the EU is replacing the e-Privacy Directive with an updated e-Privacy Regulation, although the new law is not yet finalised. As of now, PECR will continue side by side with GDPR.
The primary difference between these two pieces of legislation is mainly related to personal data processing. However, PECR is related to electronic marketing and contains specific rules on
The legislation only applies to you if you: