ICO Issues New Direct Marketing Guide
The Information Commissioner’s Office (ICO) has recently updated its free Direct Marketing Guide in light of the recent announcements regarding the imminent changes to GDPR (General Data Protection Regulations).
It is also with the aim of better informing not-for-profit organisations (such as charities) of their obligations following a spate of, shall we say “less than favourable publicity” for this sector.
For anyone involved in the Direct Marketing world, the ICO’s Direct Marketing Guide is a great way to familiarise yourself with current legislation surrounding this activity, as it is written in very user-friendly text and straight from the horse’s mouth. Here is an overview of some of the more pertinent points (though we still recommend the full Direct Marketing Guide be read and understood):
The Data Protection Act (DPA)
The Data Protection Act details 8 principles that must be adhered to when handling and/or processing personal information. The most relevant of those principles are:
Principle 1 – Personal data must be handled fairly and lawfully
Principle 2 – Personal data must only be used for the purposes it was specifically collected for
Principle 4 – Personal data must be accurate and kept up to date
In addition to this, you must respect the wishes of anybody who requests the cessation of further Direct Marketing activity.
Privacy and Electronic Communications Regulations (PECR)
PECR was set to compliment the DPA and relates specifically to electronic communications as a means of contact. In many ways, it is broader in its reach than DPA, since it relates to all electronic communications and not just sales and marketing. It must therefore be understood fully by any company engaged in contacting customers and prospects alike via any electronic channel (email, text, telephone etc).
Market research is a very useful way for many companies to find out information and thus enable informed decision-making to be made about potential commercial / policy-related activities. Genuine market research can be carried out by telephone without the need to screen against the Telephone Preference Service register (though all other requirements of DPA and PECR must be adhered to).
Sugging is the activity of selling under the guise of research. In other words, opening a call with the stated intention of information gathering only, then later (either during the same call or at a later date) moving onto a sales pitch. Such activity is strictly forbidden and in breach of DPA.
Charities, Not-for-Profit Organisations, Political Parties etc
Certain types of contact from these organisations which might not immediately spring to mind as being covered by DPA and PECR do still fall within the realms of DPA and PECR. For this reason, the new Direct Marketing Guide explains at length what types of contact need careful management to ensure compliance with the law, including a number of case studies and examples. If you are one such type of organisation, it is well worth becoming particularly familiar with this part of the Direct Marketing Guide.
Consent – Opt-ins and Opt-outs
I will refrain from listing specifics here in this blog since this section goes into some detail (this being an area oft-misunderstood). The Direct Marketing Guide clearly defines what constitutes consent and gives detailed examples of both good and not-so-good practices together with suggestions for businesses to adopt.
Types of Marketing Contact
Companies must adhere to specific rules when making marketing calls, for example screening against the Telephone Preference Service (TPS) and Corporate TPS registers prior to making the calls. They must similarly ensure requests to cease such calls be actioned immediately and without making it difficult for the party concerned (i.e. by asking they fill in a form).
The same principles apply for marketing texts, emails and faxes etc – consent is required and the option to easily opt-out must be included and actioned when requested.
The Direct Marketing Guide is a great way of familiarizing yourself with your obligations as an individual and as a company. To this extent, we strongly recommend that you take the time to read it and understand its implications since there seems little doubt that the rules and laws regarding DPA and PECR are only going to get tighter and the actions were taken against those who flout the laws are only going to get stronger, as we head towards GDPR.