4 Steps to Direct Marketing Compliance

Martyn King explains the 4 key questions you need to ask to make sure your direct marketing activity is compliant.

1. Was there a genuine choice to give or refuse consent?

Consent has to be freely given. Each individual must have been given an actual choice about whether their personal data can be processed in the way you specify.

This means you can’t make consent a condition of another action like subscribing to a service or completing a transaction. The consent must be a stand-alone option to be valid.

2. Was it made completely clear?

Consent must also be informed. If you have some kind of opt-in process in your organisation, ask yourself whether it’s really clear what is being agreed to.

Burying a request somewhere inside your privacy policy won’t constitute the “informed” consent that is required by the regulations.

When reviewing your sign-up or subscription process, remember that the recipient of your communication must knowingly agree to receive the communication.

That means they must know that they are agreeing to something when they do so. They should also have to take some kind of positive action to communicate the fact that they give their consent. This is usually done by clicking a button or ticking a box.

3. Did you mention how the marketing will be communicated?

To obtain consent, simply saying you will send ‘marketing messages’ is not enough. Organisations must be specific about which communications channels will be used to contact the individual.

Here’s an example:

“Check this box if you would like to receive future discounts and other offers from Nexbridge via SMS to the number provided.”

4. Was the recipient made specifically aware of who might contact them?

Some detail about whom the recipient can expect to be contacted by is required.

Usually this is the organisation asking for consent. However, if you’ve gained your lead data from a third-party organisation, you need to make sure that when they obtained consent they specifically explained that companies like yours may contact them.

In any case, the ICO states that the person must have intended for their consent to be passed on to the organisation doing the marketing.

The ICO does also state that consent can be implied, although, because the previously stated rules still apply, implied consent is unlikely to offer an easier option for many organisations.

You are responsible for ensuring you have obtained consent

If, after reading this, you have any doubts about your current process for gaining consent from consumers to send them direct marketing communications, you should read the full section on consent in the ICO’s Guidance for Direct Marketing.

Remember that as the organisation carrying out the marketing, you are responsible for ensuring you have obtained consent, even if you gained your contact data from a third party.

With thanks to Martyn King at Nexbridge