Status:
Maintained
What is direct marketing?
Direct marketing consists of any advertising or marketing communication (whether trying to sell a product or promoting an organisation) that is directed to particular individuals or companies, and includes market research calls.
Why do you need to comply with rules on direct marketing?
You need to comply with law and regulation on direct marketing to avoid the risk of:
Regulatory framework
The main laws and regulations relating to direct marketing are:
- Data Protection Act 1998 (DPA) and Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2003/ 2426) (Privacy Regulations). Using personal data for marketing purposes is subject to regulation. Individuals (data subjects) have rights in relation to their personal data, including the absolute right to object to their personal data being used for marketing purposes under the DPA. Individuals need to be informed that their personal data will be used for marketing and given the option to opt out. In some cases, they must opt in, for example, for most fax and e-mail marketing. Customers who are individuals should be provided with an easy way to opt out. As well as personal opt-outs, there are preference services which traders must consult when planning telephone and fax marketing campaigns and it good practice to consult the preference services for mail and e-mail.
- Consumer Protection from Unfair Trading Regulations 2008 (SI 2008/1277) (CPRs). The CPRs are enforced by trading standards authorities and the OFT. Regulation 3 of the CPRs prohibits unfair commercial practices generally. Direct marketing is a commercial practice. A commercial practice is unfair if it contravenes the requirements of professional diligence (and materially distorts the economic behaviour of the average consumer in relation to a product (or is likely to do so)), for example, giving misleading information about a product to encourage a customer to buy it. Schedule 1 to the CPRs lists 31 practices which will always be considered to be unfair. An example would be promoting a prize draw in a marketing e-mail without awarding the prizes described or a reasonable equivalent. Another example would be making persistent and unwanted solicitations by telephone, fax, email or other remote media (such as mail).
- UK Code of non-broadcast Advertising, Sales Promotions and Direct Marketing (www.practicallaw.com/2-384-7146) (CAP Code). The CAP Code is administered by the Committee of Advertising Practice (CAP). However, it is enforced by the ASA which can refer persistent offenders to the OFT. The CAP Code contains general rules about advertising as well as good database practice.
- Code of Practice of the Direct Marketing Association (DMA). The DMA is the national trade association for the direct marketing industry in the UK. The Code is enforced by the Direct Marketing Commission.
How to comply and potential pitfalls
Main considerations
Individuals have rights in relation to their personal data. Use of personal data for direct marketing purposes is subject to regulation.
Personal data includes, among other things:
- Names.
- Addresses.
- E-mail addresses.
- Telephone numbers.
- Location data.
- IP addresses.
- Expressions of opinion about individuals.
- CCTV images.
In certain circumstances, it can include anonymised or aggregated data.
Some personal data is sensitive, including details about:
- Health.
- Criminal record.
- Sexual orientation.
- Trade union membership.
- Racial or ethnic origin.
- Political or religious views.
This information must, therefore, be treated with special care (section 2 and Schedule 3, DPA).
Individuals have an absolute right to object to their personal data being used for direct marketing purposes (section 11, DPA).
Collecting personal data
When you collect personal data, it is important to ensure that the individuals concerned understand that you may use their data for marketing purposes and to give them the opportunity to opt in or out of contact.
You will need to provide individuals with a fair processing notice, which sets out what you will do with the personal data once you have collected it.
It is good practice to have a privacy statement on any website that collects personal data, which should also set out your fair processing notice.
Storing customer data
Customer data, whether in electronic or paper form, must:
- Be stored in a secure manner and must be disposed of carefully. It is important to consider that some of the data may be sensitive.
- Be kept up to date, and must be relevant and accurate.
- Not be left lying around on printers or desks, and do not download it onto portable media without permission or encryption.
It is good practice to treat businesses the same way as individuals, so you should ensure your storage process also applies to data of business customers.
Marketing by post or telephone
An individual may have registered with the Mail Preference Service (MPS) to say that they do not want to receive direct marketing material by post. It is good practice to check databases against the MPS and take account of the individual's preference, although this is not a legal requirement. However, screening against the MPS is required under the CAP Code and the DMA Code.
If you are carrying out telephone marketing (including sending SMS), you need to check your database regularly with the Telephone Preference Service (TPS) to ensure that the people (businesses and individuals) you are calling are not registered. This is a legal requirement under the Privacy Regulations.
You can make marketing calls, or send direct marketing by post, to people on your database unless they have said that they do not want to receive the calls or post.
Marketing by SMS, fax or e-mail
To market by SMS or e-mail you will generally need prior permission from individuals, but not businesses.
If the individual is an existing customer, you may be able to market similar products to them without prior express consent. This rule is called the "soft opt-in" and applies where:
- You have obtained the individual's details as part of the sale, or negotiations for the sale, of a product or service to that person.
- The marketing message contains only a similar product or service.
- The customer has a simple means of refusing unsolicited marketing at the time their details are collected and if they do not opt-out, they are given a simple way of doing so in every future message.
If you are carrying out marketing by fax, check your database against the Fax Preference Service regularly. This is a legal requirement under the Privacy Regulations.
If you want to distribute e-mail marketing, it is good practice (and consistent with the preference services of other means of marketing) to regularly check your databases against the E-mail Preference Service. However, this is not a legal requirement.
Dealing with opt-out requests
When dealing with opt-out requests, consider the following:
- Ensure that whenever you contact a customer you provide a clear statement of the marketing company's identity and contact details.
- Individuals can opt out of marketing contact at any time. The only cost to the customer of opting out should be the cost of sending the message; they must not incur a premium rate charge. It is important to record such requests accurately and to act on them promptly.
- It is good practice to include an opt-out opportunity on all pieces of direct marketing, whether sent by mail, e-mail or SMS.
- If someone calls your call centre, a recorded message should let them know that they may opt out of marketing contact and how to do so.
- Opting in or out of marketing contact should be made as simple as possible for the individual, for example, by providing a link to unsubscribe in an e-mail, or allowing individuals to text STOP to a given number.
- If someone opts out of marketing, ensure that you retain their record on the system and note that they have opted out (known as "suppressing" the details). If you simply delete their details, you may obtain their data later from another source and will not know that they have opted out of marketing contact.
- It is not acceptable to rely on silence as an opt-in. You need some positive action by the customer, such as returning a form or an e-mail.
- If someone has opted in to marketing contact from your organisation but is listed on a preference service, you can market to them if the opt-in is more recent than the preference service registration.
Current developments
Greenwashing. Many advertisers are keen to promote their eco-friendly credentials, especially in the light of the new duty for directors to consider the impact of their company's operations on the community and the environment when promoting that company (section 172, Companies Act 2006). Many organisations are falling foul of the ASA because their claims to be environmentally friendly cannot be substantiated. The ASA has issued guidance for advertisers on eco-friendly claims and the latest edition of the CAP Code contains new rules on environmental claims. See Practice note, Making green claims in advertising (www.practicallaw.com/7-382-2493).
EU proposals on spam. The European Commission has passed legislation in the revised E-Privacy Directive (2002/58/EC), giving legal persons, with a legitimate interest in combating the sending of unsolicited commercial e-mails ("spam"), the right to take legal action against spammers in civil proceedings. In particular, this would enable ISPs and consumer protection organisations to take action against spammers that are placing a strain on the ISPs' networks. However, the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 (SI 2011/1208) which implement the amendments to the E-Privacy Directive do not contain this provision.
Key reading
Resource history
Show resource historyHide resource historyResource createdWe will track here amendments to this resource that reflect changes in law and practice.