Answer ... Direct marketing: The UK Data Protection Act 2018 (DPA 2018) defines ‘direct marketing’ as “the communication (by whatever means) of advertising or marketing material which is directed to particular individuals”.
This covers all advertising or promotional material, including charity or political party campaigning for support or funds. For marketing to fall within this definition, the marketing must be directed to particular individuals and capture all relevant electronic messages (eg, calls, faxes, texts and emails) that are directed to someone.
This is differentiated from genuine business-to-business marketing, for which the rules are much simpler; but any marketing campaign must be carefully analysed to determine whether it is business to consumer or business to business.
Genuine market research does not count as direct marketing. However, if a survey includes promotional material or is collecting details to use in future marketing campaigns, the survey is for direct marketing purposes and therefore the rules apply.
Correspondence with customers to provide information that they need about a current contract or past purchase (eg, information about service interruptions, delivery arrangements, product safety, changes to terms and conditions, or tariffs) does not constitute direct marketing. However, if the message includes any significant promotional material aimed at getting customers to buy extra products or services, or to renew contracts that are coming to an end, that message includes marketing material and the rules apply.
Consent: A person’s consent will often be needed before sending him or her an electronics marketing message. If consent is being relied upon, in order for this to be valid it be must given freely, clearly and specifically as part of the individual providing consent. It must explain to the individual the organisation and the type of communication that will be used. This information must be accessible and easy to understand. In order for a person to consent, there must be a positive action to take in order to demonstrate consent (eg, clicking a box, sending an email).
The clearest, most unambiguous way to obtain consent is to ask the customer to tick an opt-in box confirming that he or she is happy to receive marketing calls, faxes, texts or emails. However, very often, approaching customers to obtain consent can itself be considered direct marketing and so must not be done without consent. There are various rules on this and a marketing campaign can be constructed in such a way so as not to breach these.
Organisations should keep clear records of what a person has consented to, and when and how this consent was obtained. This is helpful to demonstrate compliance. Organisations must bear in mind that consents do not last forever and must be renewed periodically.
Particular care should be taken when relying on consent obtained indirectly (ie, consent originally given to a third party). It is important to ensure that the consent is valid and specifically and clearly identifies the organisation that will be directly marketing. Generic consent covering any third party is not sufficient.
Consents must also be granular, ideally broken down by channel (eg, email, telephone, in person) and by purpose, with it being possible to accept all or none of the various options.
Customers are entitled to withdraw their consent at any time they wish. Individuals must be made aware of this right: it must be easy for them to withdraw consent and clear how they can do so.
Crucially, lists must be maintained of people who have objected to marketing – for example, by unsubscribing, as well as by withdrawing consents. Future marketing campaigns should then be screened against these suppression lists.
Difference between ‘opt in’ and ‘opt out’: ‘Opt in’ means that a person must take a specific positive step (eg, ticking a box, sending an email or clicking a button) to confirm that he or she is happy to receive marketing. ‘Opt out’ means that a person must take a positive step to refuse or unsubscribe from marketing.
Automatically pre-ticked opt-in boxes do not constitute genuine consent under the GDPR and so must be avoided. An ‘affirmative’ method of getting consent must be used – for example, blank tick boxes.
PECR: If an organisation is carrying out marketing through channels such as telephone calls (both live and automated), faxes, emails, text messages and other forms of electronic messages, it must also consider the PECR rules, rather than just relying on compliance with the GDPR or the DPA 2018.
The PECR must be complied with by both the instigator and the marketer. If the ICO needs to take enforcement action, it will usually be against the instigator. In some cases, the ICO may also consider taking action against a specialist subcontractor if it deliberately or persistently ignores the rules. This means it is important for organisations to negotiate contracts correctly if using a third-party service provider to run its marketing campaign.