What we know about the ePrivacy regulation so far

Managing Director

Fav thing about the office

Good banter

As a child I wanted to be a ... when I grew up


Guilty Pleasure(s)

Strictly come dancing

Favourite Holiday


If I had a superpower it would be...

Mind Reading

Describe yourself in three words or less

Methodical, Energetic, Reliable

An interesting fact about me

Started “Work” life as an opera singer


Horse riding, fillet steak and a good curry

Favourite Band

…into Classical Music

Karaoke Jam

Desperado- The Eagles

What I do at Q2Q:

My role is to provide the overall direction and “eye on the compass” as to where we, as a team, are heading.

I’m still very much focused on the customer and will often get involved in customer solution discussions. As a techie at heart, I’m regularly seeking to understand industry developments and directional changes that may affect our customers, so we and our customers can remain on the front foot.

Background and Achievements

I started out in an I.T technical department of what was then British Rail, following which I joined a large construction company to re-organise their I.T infrastructure.

I then spent a couple of years as a business systems analyst at P&O Nedlloyd designing, developing and implementing systems within their Bulk and Tank Carrier companies.

In 1999 I was appointed as I.T Manager of SockShop and subsequently as of Head of I.T. at the Tulchan Group, comprising then of 300 stores. Due to a Year 2000 compliance issue, we were required to seek an alternative system, which we were able to more cost effectively write ourselves. This product subsequently became known as RAWHIDE and we later sold this product into a number of other businesses. At the time it was quite cutting edge as all the warehouse function was undertaken using handheld, wireless scanners, rather than the batch scanners that were dominant at the time.

In 2003 The Tulchan Group was acquired by Harris Watson. We were then asked to take responsibility for the I.T. of Viyella Ladies wear and in 2004 the demands of two MD’s and two FD’s (Tulchan Group + Viyella), resulted in the sensible decision to break out of the group and Q2Q was born. This then enabled us to also get involved with a number of other group companies (Harris Watson owned companies) as well as other non-group parties.  At one stage we were managing the I.T for almost 500 stores across a number of businesses.

Today Q2Q retains some of the group customers that we acquired along the way, as well as a substantial number of new and diverse customers in almost all industries including accounting, business development organisations, legal marketing, medical, retail and wholesale.

Hobbies and Interests

Horse riding, running (Jogging), motorbikes, reading any of the Detective Rebus stories.

By now, if you haven’t heard of the General Data Protection Regulation (GDPR), it’s likely you’ve either been asleep or living under a rock for the past year.

However, when it comes to the legislation’s electronic comms counterpart – the ePrivacy Regulation (ePR) – there’s less chance you’ll have given it much thought, or even recall it being mentioned at all.

So, what exactly is it?

Originally intended to come into force at the same time as the GDPR, the new European ePR has been drafted to work in conjunction with the wider data protection legislation and will replace the UK’s existing Privacy and Electronic Communications Regulations (PECR).

However, amidst all the GDPR panic – and largely down to the fact that the finer details are yet to be finalised – the ePR seems to have been forgotten. Many are now saying it’s unlikely at this stage that it will be implemented on the 25 May 2018, but that’s yet to be confirmed.

And what will it entail?

Like the GDPR, the ePR will be applicable to all organisations worldwide that provide services to EU citizens. Although little has been confirmed or denied about the new regulation since the initial proposal was published by the European Commission in January 2017, there are a few key things we do know that it’s worth being aware of so far…

  • Cookies

    The main takeaway point from the proposal is that cookies will no longer be website-specific, so those annoying permission banners that pop up when you visit a new page will be gone – or rather replaced by privacy notices. Website users will instead be able to select their default privacy settings when configuring their browsers, giving them greater control over the private information that’s stored on their devices.

    With more of a focus on browser settings, the regulation aims to cover issues surrounding ad-blocking and WiFi location services too. However, some have expressed worry that blocking cookies by default could actually damage the user experience.

  • Electronic comms

    As well as emails, the new regulation will apply to all channels delivering comms via the internet – including messaging apps like WhatsApp and Facebook Messenger, and VoIP providers such as Skype.

    Collectively known as ‘over-the-top’ services, any comms sent through these channels will have to follow the rules set out in the ePR relating to consent and content. The intention is to more tightly control how these platforms are employed to target users, as well as the metadata involved within the transmission of these messages.

  • B2B marketing

    A particularly shady area within these new regulations, rules governing B2B marketing comms are also expected to be included in the finalised ePR.

    At this stage, the choice for marketers seems to be that they can either choose to rely on legitimate interest for B2B communications – and have adequate evidence to back their claims – or actively seek consent from those they wish to contact.

  • Opting in

    This is another slightly blurry area of both the GDPR and ePR, with the ICO stating that the latter “tightens the rules on marketing, with the default position being that all marketing to individuals by phone, text or email must be opt-in”. However, the soft opt-in option that exists now will still be applicable in certain situations, which has created some confusion.

    For instance, it’s likely that promotional comms sent to existing clients and customers will still be permitted – as long as the messages relate to similar products or services. The crucial thing to remember is that recipients must be given the option to opt-out via easily accessible unsubscribe buttons/other interactions.

  • Security and breaches

    To avoid duplicating the security obligations outlined within the GDPR, the ePR won’t cover these, which will hopefully help to simplify the responsibilities that businesses have. As an extension to these, it does introduce the need to notify customers of specific security risks, so it’s worth keeping an eye on how this pans out.

    Plus, when it comes to breaches of the regulation, the two-tier fine system is the same as that of the GDPR – up to £17 million, or 4% of global turnover. It goes without saying that the penalties are extreme, with some claiming that this is to make the cost of compliance efforts seem minimal by comparison – but we’ll let you make up your own mind on that one!

What’s next?

Well, the general consensus seems to be that companies should focus on getting over the GDPR compliance hurdle first, then keep up that momentum to leap over the ePR one – whenever it makes an appearance down the line. Hopefully we’ll have some idea of just how high we’re going to have to jump sooner rather than later!

The key thing to remember is that the GDPR is the over-arching legislation governing the security of personal data, whilst the ePR sits under this wider regulative umbrella and rules how you use it.

For further updates on the ePrivacy Regulation, keep an eye on our blog! And if you’re after some clear guidance about GDPR compliance, just get in touch.

What we know about the ePrivacy regulation so far