The basic rule is simple: No newsletter without consent. Learn more about the legal grounds and possibilities that you have. In this article you will also find a checklist to lawfully send e-mail newsletters to your customers.
Data protection is regulated in the UK primarily by the Data Protection Act 1998. For electronic marketing the Privacy and Electronic Communications (EC Directive) Regulations 2003 (as amended), in short PECR, are relevant.
There is a wide definition of an electronic message. It covers any kind of communication that can be stored electronically. Hence, e-mail, sms, photo messages, video messages, voice messages and also direct messages via social media are covered.
Data may only be processed fairly and lawfully. This will be the case a customer order a product in your shop and you use the data he submitted to send him the goods or where you get an enquiry via your contact form and reply to the customer’s e-mail address.
The Data Protection act mentions different cases where data processing is deemed to be fair. Consent counts as the first grounds.
Consent is the main requirement for direct marketing. Based on EU principles consent must be specific, freely given and fully informed. The retailer needs to obtain the consent directly from the user; therefore relying on third party mailing list is no good idea. Using data without the customer’s consent will usually be unlawful unless there are other grounds of justification.
Consent vs. Soft opt-in
So, the basic rule is that consent is required for e-mail marketing. There is an exemption to this- the so called soft opt-in rule.
Where the retailer has obtained the contact details of the recipient in the course of the sale, or negotiations for the sale, of a product or service to that recipient he can sell e-mail marketing:
If at the time of collection of the e-mail address the customer has had the opportunity to object to the marketing purposes and this opportunity is also given in every consecutive e-mail and
If direct marketing in respect of its similar goods and services only
The scope of the soft opt-in marketing possibilities is very limited and therefore retailers should better obtain consent via a checkbox with an appropriate information attached to it.
The ICO may enforce the PECRs with by different ways.
Without notice an audit can be conducted and binding recommendations can be given. For offences monetary penalties up to 500,000 GBP may be imposed. In some cases prosecution may lead to imprisonment.
Checklist for sending newsletter to individuals:
Have you obtained the consent directly from the individual?
Is your completes supplier identification given in every e-mail marketing?
Is there an easy possibility to withdraw consent?
Is the newsletter marked clearly as marketing?
Are there mechanisms in your processes that allow to respect an op-out request as soon as possible?