Data Protection and Direct Marketing

Direct marketing consists of any marketing that relies on direct communication with individuals (data subjects). You are most likely on the receiving end of direct marketing within your business and personal life most days of the week. 

There is more than a little confusion about what is acceptable under the law, or indeed which regulations cover the various aspects of personal data held for direct marketing purposes.

The ICO guidance describes direct marketing as ‘an important and useful tool that helps organisations engage with people to grow their business or to publicise and gain support for their causes.’ 

It does also acknowledge the intrusive nature of poorly conducted direct marketing, and the negative impact this can have on people’s rights and freedoms. 

The Regulations

There can be some confusion in the minds of those carrying out direct marketing about the regulations that govern their activities. GDPR has been the term in circulation for the last few years. 

Thus, it is generally assumed to be the only regulation that matters. 

PECR is the Privacy and Electronic Communications Regulations. PECR sits alongside the GDPR but is not replaced by it. GDPR covers the processing of personal data where PECR relates specifically to electronic marketing and has specific rules on marketing calls, emails, texts, faxes, and cookies. 

So, you will need to comply with PECR if you carry out direct marketing by phone, email, text, or fax. Equally it will apply if you use cookies or a similar technology on your website or compile any form of publicly accessible directory.

Solicited and Unsolicited Marketing.

Most of the rules in PECR only apply to unsolicited marketing messages. 

They do not restrict solicited marketing. What is the difference? A solicited message is one that is actively requested by an individual, such as a request for product information or a quotation. PECR does not control these activities, although ‘you must still say who you are, display your number when making calls, and provide a contact address.’

An unsolicited message is any message that has not been specifically requested, such as the examples above. Even if a potential customer has ‘opted in’ to receive marketing messages from you it is still ‘unsolicited’. An opt-in means the customer agrees to future messages (and is likely to mean that the marketing complies with PECR). 

This is not the same as someone specifically contacting you to ask for particular information. This does not make all unsolicited marketing unlawful however, if you comply with PECR. What counts as consent, it’s giving, withholding and renewal is a complex subject on its own and is best tackled at another time. 

If you have concerns about how any of these regulations impact on your marketing activities, get in touch with CSRB to discuss how we can assist with ensuring you remain compliant with all aspects of PECR and UK GDPR. The ICO supplies a very useful checklist to help you understand what is allowable and is a good place to start, before contacting CSRB. 

Direct marketing covers the promotion of aims and ideals as well as the sale of products and services. This means that the rules will cover not only commercial organisations but also not-for-profit organisations such as charities, and political parties. 

One issue to bear in mind is that at least some direct marketing is still communicated from outside the EU and UK. This is much harder to regulate, but its existence does not absolve UK marketing organisations from their responsibilities under UK GDPR and PECR regulations. 

To be certain that you are complying with PECR and UK GDPR in your direct marketing activities the first step is to talk to CSRB. We can help you with what you are legally required to do and why. We will also take the jargon out of the process. 

Please get in touch with us here or call 0117 325 0830 to learn more about how we can bring clarity to your data management processes.