Are you a marketer who uses a website, landing pages, e-marketing or post to collect personal data? It may be that you ask for data in return for a free download, entry into a prize draw, or to gather audience opinions via a survey? In the sixth of our blog posts about the upcoming GDPR (General Data Protection Regulation), we’re examining how GDPR affects your electronic and postal marketing.
First of all, from 25 May, personal data must be collected for ‘specified, explicit and legitimate purposes’. What does this mean? It’s about ensuring that, where you ask for consent for processing personal data, you are clear about what you are using it for. Marketers need to be transparent, collecting data for specific, explicit and legitimate purposes.
As long as you are clear with people about how their data will be used, you should be fine. But stating ‘for marketing purposes’ isn’t specific enough any more once GDPR kicks in.
And lead generation doesn’t give marketers the right to keep data and use it whenever they see fit. So, plan your lead generation campaigns early to avoid running into problems.
GDPR and electronic marketing to individuals and businesses
The most important thing to remember is that you can only carry out unsolicited electronic marketing if the person you’re targeting has given you their permission. But there are exceptions, which apply only:
- Where you’ve gained a person’s details during a sale, or negotiations for the sale or a product or service
- Where messages are only marketing similar products or services
- Where the person is given an opportunity to refuse marketing at the point their details are collected – and if they don’t opt out then, that there’s a simple way to do so in any future communications
You must tell the person receiving your e-marketing who you are and provide a valid contact address.
And it’s worth noting that The Telephone Preference Service (TPS) and Fax Preference Service (FPS) are operated by the Direct Marketing Association. They allow people to register their numbers to opt out of receiving unsolicited calls or faxes. You must not market individuals or organisations who have registered their numbers with the TPS or FPS.
GDPR and postal marketing to individuals and businesses
Postal marketing, such as letters, campaigns, flyers and response forms are also included in the regulations.
Useful GDPR resources
If you’re a marketer and are still unsure about what GDPR means for you, the Information Commissioner’s Office (ICO) guide to GDPR for marketers is a good place to start. There you’ll find a Guide to Privacy and Electronic Communications Regulations. This explains how to apply GDPR – with practical examples and answers to frequently asked questions. There are also self-assessment checklists to help you understand compliance, and a privacy notice checklist to help you create compliant privacy notices.
We recommend that, to be GDPR compliant from 25 May, your marketing campaigns are always:
- Explicit about exactly what the personal details will be used for
- Clear about how people can opt out of marketing messages
You should also have a proper system in place for storing the data, being able to remove data as and when it is requested, and for dealing with complaints.
Find out why GDPR is an opportunity not a threat for businesses.