In the past couple of weeks the ICO has issued detailed information on complying with direct marketing requirements, whether via live call or email, building and improving on existing guidance. As you may know, direct marketing laws don’t come directly from GDPR but from the Privacy and Electronic Communications Regulations 2003 (PECR), and rules differ between individual and business recipients of marketing, so it's important to get it right. Breaches of PECR can result in fines of up to £500,000, however remember that if personal data is involved (and it almost always is), then the GDPR will be applicable and the fines can be much larger – the guidance explains the crossover between the two regimes in more detail.
The docs set out clearly how the direct marketing rules apply to the channel of communication you are using, and simple tips on how to ensure you avoid breaching the rules and exposure to the risk of enforcement action and ultimately a fine for non-compliance. They also cover permitted means of fundraising and campaigning for charities – a sector the ICO is familiar with taking action against for non-compliance. The ICO regularly makes an example of organisations who fail to comply with direct marketing rules, and the newly updated guidance is a timely reminder that direct marketing remains on its radar.
For more information see: