Next week the ICO is running a free online webinar, ‘Data protection and marketing for your small business’, to provide advice on different types of direct marketing activities (using email, text, phone call, online messages, for example).
What is ‘direct marketing’?
Direct marketing covers any advertising, promotion or marketing material, including:
- commercial marketing of products and services, and
- promotion of aims and ideals, such as fundraising or corporate initiatives that promote community or charitable work (including for charities and ‘third sector’ organisations) where messages are directed to a particular individual or categories of individuals (for example, personally addressed post, calls to a particular telephone number, emails sent to an individual’s account, online advertising using social media targeted to a particular user).
Why is this important?
The ICO regularly takes enforcement action against UK organisations who are not complying with rules on direct marketing, imposing hefty fines.
How can our organisation improve compliance with direct marketing rules?
Last December, as one of its initiatives to support UK businesses and ease the burden of compliance, the ICO updated online guidance and provided additional free resources to help organisations engage in direct marketing activities lawfully. This included new guidance tailored for SMEs.
Among the useful free resources available are:
- a direct marketing checklist
- a table setting out different methods for direct marketing and guides businesses towards choosing the correct ‘lawful basis’ for processing personal data
- guidance clarifying when data protection law applies to any Business-to-Business (B2B) direct marketing activities
- a series of practical easy-to-understand responses to FAQs
We buy direct marketing services from an external service provider – who is responsible?
The ICO update includes guidance for organisations which use services from other external organisations to carry out direct marketing on their behalf.
It remains a common misunderstanding that when using such organisations (data brokers) those organisations carry the full weight of responsibility for ensuring compliance with the law.
In fact, businesses which use marketing services of a data broker have their own compliance responsibilities. Those include undertaking appropriate due diligence and having a valid lawful basis for personal data processing, issues discussed in the ICO’s detailed step by step general direct marketing guidance.
Navigator Law provide data protection compliance support services, which include training on direct marketing and other activities. Please contact us for information at firstname.lastname@example.org.