GDPR365 Direct marketing - at a glance

Please take note:
This content is aimed at giving the reader a high-level overview of GDPR requirements when it comes to direct marketing. It also has a UK bias, with e.g. references to the UK’s ‘Telephone Preferential Service’ or ‘TPS’.

What activities does the GDPR cover in relation to ‘direct marketing’?

It applies whenever you collect and use an individual’s (or a business) personal data – including their name, contact details, and any other information about them (even if you are just holding the information on your database). That includes writing to someone, sending them an email, or calling them on the phone. The rules don’t usually apply where you aren’t using ‘personal’ information, for example if you were sending direct mail to ‘the Homeowner’ rather than using an individual’s name and address – BUT, you need to check whether you might actually be using / storing their personal data in the background – this is still ‘processing’.

As mentioned, communication methods vary and each method attracts its own conditions and rules. And these rules may vary depending on whether you’re sending to individuals (including sole proprietorships or partnerships), or to companies and corporate bodies. In most cases you will need to have the consent of the individual or business – meaning that they would need to have opted in to receiving the communications, and in all cases, they must be given the chance to opt-out of receiving any future communications.

The following is an at-a-glance view of the rules as presented by the UK’s Information Commissioner’s Office.

Communication Channel
Individuals (including sole traders and partnerships)
Companies and corporate bodies (B2B)
Live calls
Screen against the TPS
Can opt-out
Screen against the Corporate TPS
Can opt-out
Recorded calls
Need specific consent
Need specific consent

Emails or texts
Need specific consent; OR
The ‘soft opt-in’***
Can email or text corporate bodies
Good practice to offer opt-out
Individual employees can opt out
Faxes
Need specific consent
Screen against the Fax Preference Service (FPS)
Can opt out
Direct mail
Name and address obtained fairly
Can opt out
Can mail corporate bodies
Individual employees can opt out

***Soft opt-in (Note: in most cases this won’t apply to fundraising)
This is a specific provision to allow for an opt-out approach for email and text in certain limited circumstances. The way the soft opt-in works is as follows:

You obtain the email address / mobile number during a sale or negotiations for a sale – the language here is unambiguously commercial and there is no scope for interpreting a donation as a sale
You give the person an opportunity to opt-out at the point of obtaining the data
You send them emails or texts about similar products or services to the one they bought / were looking at when you obtained their details
You give them an opt-out opportunity in every message you send to them

If you would like to know how our service might enable your organisation's GDPR compliance journey, please visit us here

The content herein is provided for your convenience and does not constitute legal advice.
Compliance Technology Solutions B.V. 2018

R
Russell is the author of this solution article.

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.