If your business uses bought-in marketing lists or other ways of getting people to subscribe to a list or service, it is important to review the latest guidance on electronic digital marketing, which has been issued by the Information Commissioner’s Office (ICO). The guidance issued is specifically for businesses using electronic direct marketing in the following ways:
- Email marketing
- Text, picture or video messaging
- Automated calling systems
What can happen if you don’t take notice?
The ICO has recently issued a lead generation firm with a record penalty notice of £350,000 for making more than 46 million automated calls without the prior consent of the individuals being called. Other potential penalties include:
- Commercial and reputational issues
- Possible criminal penalties
- The potential to be banned from trade bodies
How should you collect data for marketing purposes?
Businesses must make sure that individuals are aware that their data will be used for marketing and other purposes, when it is being collected. The most effective way to do this is to issue a Fair Processing Notice (FPN) also known as a Privacy Notice. This should be given or sent to an individual to explain who will be using their personal data and what they will be using it for.
If your business collects data via a website, a Privacy Notice should be prominent and easy to locate. Furthermore, take legal advice if your business intends to collect financial information such as bank account numbers via a website, as there are security implications that you will need to be aware of.
Obtaining data from external sources
Businesses should ensure that it obtains the rights that it needs to use an external database, ideally by taking legal advice before purchasing one. Before an external database can be used, the business must introduce itself to the contacts and explain how it intends to use their data (a Privacy Notice can be issued here).
If marketing via automated calling systems, SMS, email and fax marketing to individuals, a business must obtain prior consent for marketing purposes from individuals. This means that if you are buying a list, you must make sure that the seller has informed the individuals that they will be contacted via these marketing methods and that the individual has given consent to the seller, which covers third party usage of their data by you.
Always check whether the individuals in the database have signed up to the following preference systems:
- TPS: Telephone Preference Service
- MPS: Mailing Preference Service
Check new databases against any that you already have to ensure that no-one on the new database has already opted out of receiving marketing from your business.
Rules for opting in and out
- Businesses must make it simple and easy for people to opt in and out of receiving marketing. For example, by clicking an unsubscribe link in an email.
- Businesses must retain details of opt out requests so that these individuals are not contacted again in the future.
- It is not acceptable to include opt in boxes that are pre-ticked. Opting in requires an action from an individual, so they must tick an opt in box themselves for it to be valid.
Advice about electronic direct marketing
The information above covers just some of the advice and guidance issued by the ICO – there are further guidelines which need to be considered to be compliant when using, storing and sharing data. For further advice specific to you and your business, contact our specialist team of corporate lawyers using the telephone numbers below.
Leicester 0116 254 8871
Hinckley 01455 639 900
Market Harborough 01858 467 181