Time to update your e-mail database

The draft Directive on Data Protection and Electronic Communications approved recently by the European Parliament is on course to...

The draft Directive on Data Protection and Electronic Communications approved recently by the European Parliament is on course to be implemented into UK law later this year. This will affect how firms carry out direct marketing by e-mail and SMS, writes Lindsey Scutt.

How does the law stand now?
Broadly-speaking the current position in the UK is that, if a firm is collecting people's details in order to send them direct marketing by e-mail and SMS, it must clearly explain - at the time those details are collected - who the company is and that it plans to use the information for direct marketing and obtain their consent.

Under this regime it is sufficient to give the person whose details are being collected an opportunity to opt-out of receiving direct marketing. If they do not opt-out, they are consenting, by default, to receiving it. They do not have to specifically opt-in.

The draft directive significantly changes this, in that it provides that most use of e-mail and SMS for direct marketing purposes will have to be on an opt-in basis only.

This means firms will not be able to use e-mail or SMS for direct marketing unless the recipients have specifically opted in to receiving such material.

There is an exception in relation to marketing by a business of its own products or services where these are similar to those bought by the recipient in the past, but this is unlikely to have a very broad application.

What is set to change?
This means that once the draft directive has been implemented into UK law the basic position will be that:
  • Firms will not be able to send direct marketing by e-mail or SMS to anyone currently on their marketing database who has not already opted in, unless they have already been contacted to ask whether they are happy to receive this type of direct marketing and they then opt-in

  • Firms will not be able to send any direct marketing by e-mail or SMS to anyone they add to their marketing database in the future who has not opted in.


This means that unless companies take practical steps now to update their databases some of the information on those databases will become illegal, rendering them, in effect, useless - clearly a significant concern for the thousands of companies that employ direct mail through these new media.

What should you do?
Companies should now :
  • Ensure that in future they clearly explain to people whose details they are collecting that they would like to send direct marketing by e-mail and SMS, and obtain their opt-in consent

  • Ensure that everyone on their marketing database has opted in to direct marketing by e-mail and SMS

  • If not, contact people who have not yet opted in and ask them to do so (this can be part of a direct marketing mailing rather than a completely separate mailing)

  • Ensure that marketing databases differentiate between direct marketing by post, fax, telephone (cold-calling), e-mail and SMS and makes clear which of these each individual has consented to

  • Check the e-mail and telephone preference service lists and update the database to show anyone who has registered not to receive such direct marketing, unless they have opted in to being sent such material(which overrides the registration)

  • Review any mailing lists bought in from third parties against the e-mail and telephone preference service lists

  • Ensure that everyone they direct market to by e-mail and SMS is aware of their right to opt out.


EU directive affects how firms market
  • A European Union Directive will affect everyone carrying out direct marketing by e-mail or SMS

  • In future companies will generally only be able to send direct marketing in this way if the recipient has chosen to receive it

  • Companies should start reviewing their direct marketing practices immediately.


Lindsey Scutt is a solicitor at Taylor Joynson Garrett 's data protection group. E-mail: lscutt@tjg.co.uk or go to www.tjg.co.uk/

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close