Direct marketing is one of the most important issues in the field of data protection. It’s also where there are an increasing number of abuses and, depending on your business sector and the categories of personal data you hold, your exposure may be higher than normal.
The GDPR’s impact on direct marketing is that it provides an overarching requirement to obtain an individual’s opt-in consent to contact them by email or SMS. Under the GDPR, such consent must be freely given, specific, informed and unambiguous. It also has to be explicitly brought to the attention of the individual and presented separately from any other information, including your terms and conditions of business.
There are 4 main types of marketing – direct mail, telephone, email and SMS. In relation to direct mail and telephone marketing, you need to be aware of the “preference services” that apply to both.
There is an exception to this in the form a “soft opt-in” which assumes that a data subject has opted-in to receive email or SMS marketing from you. However, you may only rely on this if you satisfy the following requirements:
- The individual’s details must have been obtained in the course of a sale or negotiation with you provided that the individual did not opt out of receiving such communications
- The email or SMS must relate to similar products and / or services to the previous sale or negotiation
- Your identity must not be concealed &
- The email or SMS must contain a simple and free means of opting out (commonly an “unsubscribe” button).
If you’re going to rely on a “soft opt-in”, you need to ensure that the recipients of the email/SMS are existing clients or customers that you have conducted business with and that your mailshot is promoting similar products or services. If any of the above requirements are not met, then you will need to obtain express consent and have an audit trail evidencing this.
If we can assist you or your business in any way, or if you have any questions in relation to the services that we offer, please contact us. We look forward to working with you.
Direct Marketing Checklist
- Have you reviewed your current policies on direct marketing and data protection?
- Have you reviewed your existing consents and where necessary obtained new consents to ensure GDPR compliance?
- Have you a detailed audit trail to demonstrate the consents sought and obtained?
- Do you have a Privacy Notice accessible to all data subjects prior to collecting their personal data?
- Have you contacted the Telephone or Mailing Preference Service for mail or telephone marketing?
- Can you meet the requirements to rely on a soft option?
- Do your systems accommodate a withdrawal of consent, if received from a data subject?