What does direct marketing mean under GDPR?

It means marketing, through any media, which is sent direct to a particular person. It is, therefore, processing that person’s personal data. It does not include junk mail or mail sent to “the occupier” of a premises. To fall within the remit of direct marketing for GDPR purposes, you do not have to be selling a product or service. It includes promoting views or a campaign. So even if you are using personal data to elicit support for a good cause rather than selling goods, you are still carrying on direct marketing under GDPR. 

What are the obligations under GDPR on direct marketing?

You must comply with all GDPR requirements in relation to all direct marketing communications sent by any media. The controller of the data must have a legitimate reason for processing the data. The data subject must be given the right to require the controller to cease the direct marketing.

Can you direct market existing customers?

Yes, there are two options available, which are subject to conditions being satisfied. Firstly, is the “soft opt in” option This applies where your organisation has obtained the recipient’s contact details “in the context of the sale of a product of service”. This applies to marketing by electronic mail, which includes, e-mail. text, picture or video message, mobile internet message and voicemail. 

Four requirements must be met to to comply with the “soft opt in “option 
  • the product or service you are marketing is of a similar kind which was sold to the customer at the time their contact details were obtained. This excludes the marketing of third party products. 
  • at the time of collecting the personal details, you gave the customer an easy and free opt out option for the use of their personal data for marketing purposes.
  • each time a further marketing message is sent, details of the opt out was provided.
  • the sale of the product or service was within 12 months of the direct marketing.
Secondly, obtain prior consent. 

The consent to marketing may involve 

  • clicking an icon
  • sending an email
  • subscribing to a service. 

The customer must knowingly indicate consent by opting in. A pre-ticked box which requires the customer to untick, is not valid consent.

Data collected must not be excessive. 

Direct marketing requirements

You need to: 

Contact us if you need assistance complying with GDPR