Please take note:
This content is aimed at giving the reader a high-level overview of GDPR requirements when it comes to direct marketing. It also has a UK bias, with e.g. references to the UK’s ‘Telephone Preferential Service’ or ‘TPS’.
What activities does the GDPR cover in relation to ‘direct marketing’?
It applies whenever you collect and use an individual’s (or a business) personal data – including their name, contact details, and any other information about them (even if you are just holding the information on your database). That includes writing to someone, sending them an email, or calling them on the phone. The rules don’t usually apply where you aren’t using ‘personal’ information, for example if you were sending direct mail to ‘the Homeowner’ rather than using an individual’s name and address – BUT, you need to check whether you might actually be using / storing their personal data in the background – this is still ‘processing’.
As mentioned, communication methods vary and each method attracts its own conditions and rules. And these rules may vary depending on whether you’re sending to individuals (including sole proprietorships or partnerships), or to companies and corporate bodies. In most cases you will need to have the consent of the individual or business – meaning that they would need to have opted in to receiving the communications, and in all cases, they must be given the chance to opt-out of receiving any future communications.
The following is an at-a-glance view of the rules as presented by the UK’s Information Commissioner’s Office.
Communication Channel | Individuals (including sole traders and partnerships) | Companies and corporate bodies (B2B) |
| Live calls | Screen against the TPS Can opt-out | Screen against the Corporate TPS Can opt-out |
| Recorded calls | Need specific consent | Need specific consent |
Emails or texts | Need specific consent; OR The ‘soft opt-in’*** | Can email or text corporate bodies Good practice to offer opt-out Individual employees can opt out |
| Faxes | Need specific consent | Screen against the Fax Preference Service (FPS) Can opt out |
| Direct mail | Name and address obtained fairly Can opt out | Can mail corporate bodies Individual employees can opt out |
***Soft opt-in (Note: in most cases this won’t apply to fundraising)
This is a specific provision to allow for an opt-out approach for email and text in certain limited circumstances. The way the soft opt-in works is as follows:
You obtain the email address / mobile number during a sale or negotiations for a sale – the language here is unambiguously commercial and there is no scope for interpreting a donation as a sale
You give the person an opportunity to opt-out at the point of obtaining the data
You send them emails or texts about similar products or services to the one they bought / were looking at when you obtained their details
You give them an opt-out opportunity in every message you send to them
If you would like to know how our service might enable your organisation's GDPR compliance journey, please visit us here
The content herein is provided for your convenience and does not constitute legal advice.
Compliance Technology Solutions B.V. 2018