Marketing has been made much more complex since the new laws were introduced on the 25/May/2018. The regulation has cut dramatically the amount of marketing emails that can be sent to EU citizens.

​

The regulations impose much more stringent rules. There are no restrictions on sending solicited marketing – that is, marketing material that the person has specifically requested. The direct marketing laws apply to unsolicited direct marketing. Note also that the rules for marketing do not apply to administrative messages.

​

We need to satisfy all the regulations if we are sending direct marketing emails from the UK. These are;

​

·         The General Data Protection Regulation (GDPR)

·         the Data Protection Act 2018(DPA) and the

·         Public Electronic Communications Regulation (PECR). PECR is more onerous than the other                     regulations.

​

What do we mean by direct marketing and unsolicited messages?

​

The scope covers an electronic message that consists of text, voice, sound or images – For example email, text, picture, video, and pre-recorded voice messages.

 

Direct marketing is defined as a message that is trying to sell goods or services, or, is promoting the values or beliefs of an organisation.

 

Unsolicited marketing is marketing that has not been specifically asked for. 

​

To perform direct marketing, we need “Safeguards” in place. These are detailed below.

 

1.       Collecting information for marketing.

​

          At the point of collection of information certain information must be notified to the individuals;

·         We must provide the identity of the company doing the marketing (The legal entity name)

·         You must tell individuals the purpose for the collection of the data (For instance to send them                          marketing material)

·         You must provide any information which is necessary to make the processing of the individuals data                fair- to be open and honest with individuals about how you are going to use their personal data. This              information is normally made available on the company website on a privacy notice. We have the                    above in place on our privacy notice and we can direct our customers to our website if they ask.

​

2.       Information to be provided in all marketing emails

​

All emails should clearly display the companies;

·         identity and your address

·         the company registration number

·         the registered office address, and for direct marketing emails;

·         importantly we need an unsubscribe link and

·         we also need to maintain a list of those who unsubscribed and ensure we do not engage in           direct marketing to them again.

​

3.       Permission to market

​

When collecting permission to market a customer;

·         we ideally need to go for positive opt-in to marketing statements as much as possible as               opposed to a  “Do you want to opt-out statement”

·         when we collect permission, we make available the Privacy Notice at the time of collection

·         we do not have pre-ticked consent boxes

·         opting out of marketing should present no cost other than sending the message to opt-               out. For example, it is not acceptable to deny the service because the customer has opted-           out.

·         compliance of opt-out messages must be done promptly, and marketing should not be                 sent to those that have opted out

·         we need to have a procedure in place to deal with complaints and our customer services               staff need to be trained to deal with this

·         when we receive an opt-out request we suppress the contact details and don’t delete them           to keep a record of our opt-out to marketing

·         We must normally only market comparable products.

​

4.       Before we engage in a direct marketing campaign

​

·         It is advisable to consult the Data Protection Officer (DPO) and check that it is lawful

·         All contacts must be screened against any preference service lists run by national bodies w           here individuals have opted out of direct marketing for example the TPS (Telephone                     Preference Service) for telemarketing or MPS (Mail Preference Service). Note that if a                     telecoms company receives complaints that SMS messages are spam they could block the             sender.

·         If we have transferred EU citizens data out of the EU we need protective model contract                 clauses.          

·         If we are using the lawful basis of legitimate Interest, we need a risk assessment called the             Legitimate Interest Assessment (LIA) in place. This is prepared by the DPO.

​