Skip to content

Direct marketing: legal issues and best practice

    Direct marketing: legal issues and best practice


    If you are gathering, storing, using or otherwise processing information about customers, potential customers or suppliers, you must comply with the Data Protection Act 2018 and in particular, with the six data protection principles. These require that:

    the processing of personal data must be lawful and fair
    the purpose for which personal data is collected must be specified, explicit and legitimate, and not be processed in a manner that is incompatible with the purpose for which it was collected
    personal data processed must be adequate, relevant and not excessive
    personal data processed must be accurate and, where necessary, kept up to date
    personal data processed must be kept for no longer than is necessary for the purpose for which it is being processed
    personal data must be processed in a manner that ensures appropriate security of the personal data, using appropriate technical or organisational measures
    You must also:

    have permission to hold third-party information; and
    check whether you need to register with the Information Commissioner’s Office.

    Read more about privacy and data protection in marketing.

    Privacy and electronic communications
    The Privacy and Electronic Communications Regulations require you to get individuals to opt in consent before sending them marketing emails, unless they’ve already shown interest in similar products or services and have met the requirements of the ‘soft opt-in’ rule. Namely, that the individuals are customers of your business, were given the opportunity to opt-out of marketing emails when you first gathered their data and are given the opportunity to do so at each subsequent commination and any marketing emails solely relate to similar products or services for which they are interested.

    The law also covers contacting sole traders and unincorporated partnerships. You can send unsolicited marketing emails to companies or individuals within companies – though doing so may not be good for your reputation and you will need to ensure that this is in compliance with GDPR.

    Preference services
    Individuals and businesses may prefer not to be contacted by your business unless they have given their consent for you to do so. If you are selling or marketing using post, phone, fax or email, you should check to see if anyone you intend to contact does not want to be approached in this way and keep a record of this. You can do this by

    getting your call list cleaned by a list cleaning company
    checking numbers online on the Telephone Preference Service (TPS) website
    buying a licence for the area or time period you require


    Open chat
    Scan the code
    Can we help you?