Electronic marketing is a tool used by almost all business - through social media channels, emails to clients and potential clients, online advertisements and more. Where electronic marketing involves “direct marketing”, this falls under UK GDPR legislation, and businesses should be aware of their responsibilities and obligations, so as not to fall foul of the Regulations.
“Direct marketing” is when an individual is targeted directly, with the marketer either promoting a service or product, or marketing an event, or to gain support for a candidate in an election. It does not include general marketing, such as advertising a product on social media, where the advert is not targeted to any specific individual, but made to a wider audience. Although not restricted to electronic marketing, more and more direct marketing is taking place using electronic communications; the Privacy and Electronic Communications Regulations (PECR) sit alongside UK GDPR to provide specific privacy rights in relation to electronic communication.
Genuine market research does not count as direct marketing; however, if the survey includes promotional materials or collects details for use in future marketing campaigns, this would be considered direct marketing purposes and the same rules would apply. Routine customer service messages do not count as direct marketing - in other words, correspondence with customers to provide information they need about a current contract or past purchase (eg information about service interruptions, delivery arrangements, product safety, changes to terms and conditions, or tariffs). General branding, logos or straplines in these messages do not count as marketing. However, if the message includes any significant promotional material aimed at getting customers to buy extra products or services or to renew contracts that are coming to an end, that message includes marketing material and the rules apply.
The general principle under this legislation is that affirmative consent is required from the individual being targeted. Individuals must also be made aware of their right to object, or to remove their consent at any given time. Where affirmative consent is received, the marketer is free to market their products directly to that individual, within the scope of any terms and conditions attached to that consent.
If an entity outsources its marketing, so another firm or individual is the one making the calls or sending the messages, both the marketer and the original engager are responsible for complying with GDPR and PECR requirements.
Direct marketing is a valuable tool for businesses, particularly in this electronic age. However, businesses should ensure that they are aware of the rules and restrictions in these areas, to make sure they don’t end up falling foul of the regulations.
Further information on UK GDPR can be found on the Information Commissioner’s Office website at https://ico.org.uk.
Disclaimer
The contents of this article are meant as a guide only, and are not a substitute for professional advice. The authors accept no responsibility for any action taken, or refrained from, as a result of the material contained in this document. Specific advice should be obtained before acting, or refraining from acting, in connection with the matters dealt with in this article.