Do I need consent for direct marketing?

With less than 50 working days until GDPR takes effect on 25 May 2018, many businesses are starting to consider the hot topic of whether their marketing lists will still be valid.

Credit to Legal Futures

As we all know, under GDPR, organisations can only process personal data if they have a lawful basis for doing so (article 5, clause 1). The test for ‘lawfulness of processing’ includes that the data subject has given consent for the processing, but this does not automatically mean that you need consent to carry out direct marketing (or any other type of processing).

Even the ICO acknowledges that obtaining valid consent under GDPR (article 7) will be challenging and they urge businesses to consider whether consent is the correct lawful basis for the processing of any data.

Legitimate interests

Recital 47 of the GDPR states: “The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.”

Postal marketing: As long as the organisation identifies itself, offers an opt-out and screens addresses against the Mail Preference Service, then it’s OK to send first-party marketing (about your own products and services) as long as the individual has not previously opted out.

Email/SMS marketing: You must follow the rules in PECR, which require an opt-in unless you have obtained the contact details of the individual during the course of a sale (or negotiations of the sale) of a product or service.

The marketing must be of a similar product or service and the individual must have been given the opportunity to opt-out.

When can we email or text companies?

You can email or text any corporate body (a company, Scottish partnership, limited liability partnership or government body). However, it is good practice – and good business sense – to keep a ‘do not email or text’ list of any businesses that object or opt out, and screen any new marketing lists against that.

Telephone marketing: For live marketing calls, the rules say you can contact anyone as long as they have not previously opted out and are not registered with the Telephone Preference Service (TPS for individuials) and the Corporate Telephone Preference Service (CTPS for companies). You must not make automated calls to anyone unless they have specifically opted in to receive this type of call from you.

Selectabase and GDPR

We can assure you that Selectabase will only sell data that is compliant under the EU’s GDPR processing rules. You can trust us to only provide you with the highest quality marketing data, in accordance with the latest GDPR guidance.

Marketing is a significant and important economic activity. Organisations are entitled to market their goods and services, and they have a legitimate interest in seeking to address marketing to the most relevant audiences.

Speak to one of our data experts today on 01304 383838 and see how you can benefit from using Selectabase’s GDPR ready data.