Main Image

Key data protection points to consider

The Information Commissioner’s Office (ICO) has imposed fines on three companies for sending spam texts and making nuisance calls to customers. This direct marketing cost the businesses collectively just under £250,000. Besides financial consequences, those breaches carry serious commercial and reputational issues. In order to avoid these, any business should consider some key data protection points when carrying out direct marketing.

When collecting customer data you must always inform the customer, by means of a Privacy Notice, for example, that the collected data will be used for marketing purposes. Any information collected and held on a computer or otherwise in an organised system needs to be protected. This includes the customer’s name, address or email address.

It is useful to retain records of compliance with procedures in the event of a complaint or an investigation by the ICO. These should include individual’s preferences on how and how often direct marketing can be received as well as when and how consent to use data was obtained. Businesses need to assure customers, the data will only be stored for the purpose it is collected for and only for as long as it is required.

Customers should have an opportunity to opt in or out of marketing messages by using a simple process. Most frequently used methods include clicking on an unsubscribe link or sending a text message to a short phone number. It is considered good practice to include an opt-out opportunity whenever any method of direct marketing is used. In case of an opt-out, customer’s details should be suppressed to avoid future contact. Contrary to popular belief, neither a pre-ticked opt in box nor silence can equate to a permission. An action is always required.

It is a legal requirement to check whether an individual has registered with the Telephone Preference Services before carrying out direct marketing via telephone. Additionally, the caller should always display their telephone number. This obligation extends to modern methods of communicating such as text messages.

When considering marketing by pre-recorded means (i.e. automated calls, text messages or emails) the law distinguishes between individuals and companies. Where the former is concerned, companies need to obtain consent prior to marketing, but businesses have different requirements.

Some commercial entities purchase an external database for marketing purposes. Ensure that the rights to use the data have been obtained effectively. When considering selling or transferring your database to another party you should obtain appropriate legal advice.

Direct marketing can be a successful way to attract new customers to any business. However, due to a complex legal regime, companies should always ensure full compliance and if necessary seek external legal advice. This comprehensive approach will help to avoid the financial, commercial or reputational consequences.


If you would like more information or advice relating to this article or a Corporate law matter, please do not hesitate to contact Vanessa Crawley on 01727 798104..

© SA LAW 2017

Every care is taken in the preparation of our articles. However, no responsibility can be accepted to any person who acts on the basis of information contained in them alone. You are recommended to obtain specific advice in respect of individual cases.

Chris Wilks is an experienced corporate partner who focuses on advising small and medium sized companies and individual investors.
Chambers & Partners
Corporate Night View of London