Compliance in Marketing

ICO PUBLISHES NEW DIRECT MARKETING GUIDANCE AND RESOURCES – FSB Legal Hub, 19 January 2023

The Information Commissioner’s Office (ICO) has produce a range of detailed guidance and resources to assist organisations and businesses to conduct their direct marketing activities lawfully.

The guidance sets out what businesses need to know to make sure that any direct marketing which they undertake is lawful. The law is contained the both the UK GDPR, Data Protection Act 2018 and Privacy and Electronic Communications Regulations 2003 (as amended) (PECR). Failure to comply with these rules can lead to substantial fines and court proceedings. The new guidance includes:

• Step-by-step general direct marketing guidance.

• A guide to PECR and training resources.

Separate sets of direct marketing guidance specifically written for small businesses, and in relation to B2B marketing

• A direct marketing checklist, a set of FAQs and a table of methods for sending direct marketing which also summarises

Privacy and Electronic Communications Regulations (PECR) requirements and guides users towards choosing the right lawful basis for processing personal data.

Whilst obviously this is designed to help business fulfil their legal obligations in this regard, it’s also hoped it will reduce the ICO’s enforcement burden by empowering organisations through information, and leave those who fail to take advantage of the guidance vulnerable to more targeted and proportionate enforcement action.

ICO Direct marketing guidance

• Direct marketing is important. It can help you grow your businesses and further your aims, add value to the customer experience and increase trust and confidence in your brand or organisation.

• This guidance will help you do direct marketing responsibly. It is a practical guide for those conducting direct marketing or those involved in it. It explains what you have to do to comply with the law and gives you good practice recommendations. It covers the following steps:

Step 1: Identify

Does what you want to do count as direct marketing? Remember, direct marketing covers promoting aims and ideals as well as selling products and services.

Step 2: Plan

Take a data protection by design approach, planning how you will protect people’s information from the start. Think about what information you want to use and how you want to get your direct marketing to people. And make sure you have a data protection reason (“lawful basis”) for your direct marketing.

Step 3: Collect

Collect information for direct marketing fairly and clearly explain to people how you plan to use their information.

Step 4: Respect

Always respect people’s preferences. People have an absolute right to object to or opt out of direct marketing at any time.