Privacy and Electronic Communication (PECR) Audit

Privacy and Electronic Communication (PECR) Audit

Gain independent assurance of your PECR compliance posture – our specialists will conduct a high-level audit of your privacy practices to ascertain your compliance position and offer recommendations for remedial action.

Enquire today
Price: £0.00
Excluding VAT

Key audit areas

The PECR audit gives a high-level evaluation of the organisation’s compliance. The scope of the audit includes:

  • Whether and to what extent PECR activities are ingrained in the organisation from director-level to staff who process data;
  • How risks are managed and what processes are in place to assess them;
  • Security measures such as access limitation, policies and procedures;
  • The privacy notice, data subject records and how data subject’s rights are facilitated;
  • Staff training and records of training;
  • Third parties and transfer methods;
  • The information security management system; and
  • Breach processes.

Who should get a PECR audit?

This service is valuable for organisations working through a PECR compliance programme. It’s essential to get an independent audit to finalise the PECR compliance project and progress into a monitoring phase.

The PECR apply to organisations that provide a public electronic communications network or service, or if you market to customers by phone, email, SMS or fax. It also applies if you use cookies or compile a telephone directory.

What to expect

First, the consultant will remotely review relevant policies, procedures, guidance and training material. Then they will come to your offices (where possible) to conduct face-to-face interviews with staff and to assess security measures. 

You will receive a report with a summary of the findings, an audit opinion, detailed findings against predefined risks, and recommendations. We will need access to certain information for the project, such as the relevant procedures and records, or time with specified staff members.


  • Get a thorough understanding of your PECR compliance.
  • Reassure stakeholders and customers that their data is being used appropriately.
  • Ensure the legality of your marketing practices, avoiding expensive fines.

Why choose GRCI Law?

  • Our specialist team has extensive data protection and information security management expertise.
  • We have an in-depth understanding of PECR.
  • We provide complete support to help organisations prepare for and demonstrate compliance.
  • You will have access to a dedicated account manager throughout the audit.

Key Contacts




About us

Led by our management team of experienced DPOs (data protection officers), lawyers, barristers, and information and cyber security experts, we provide DPO, breach, data privacy management, and data subject access request support, and associated non-reserved legal services.

We offer legal risk and compliance consultancy advice that you can trust, but without the burden of administrative duties and expenses that law firms must bear in order to carry out certain ‘reserved legal activities’, such as litigation, conveyancing and advocacy.

Speak to an expert

If you have any queries or you’re unsure of how to progress, please get in touch with our team of experts who will be able to assist with your enquiry and provide guidance options.

Enquire today