Avoiding Pitfalls in Direct Marketing
Whether you are a sole trader running your business from home, a SME with a growing number of employees, or a regional business, sales and marketing activity is a key issue. As more businesses seek out new ways to increase revenue through growing their client base, networking both on and off line has an increasing part to play in business development.
However, in the enthusiasm to get out there and market to as many contacts and leads as possible, are we placing ourselves at risk of falling foul of data protection legislation and direct marketing regulations governing direct unsolicited marketing?
Collecting contact data
There are a number of opportunities in which a business can gather information on potential business leads for marketing purposes. At networking events there is the inevitable attendee list with contact details and the frequent exchange of business cards with contacts that you speak to. There are also contact details that are referred to your business by business colleagues. From an online perspective business media platforms such as Linked In provide a professional directory of businesses which allow you to connect to people you know and to accept invitations from people you may not know.
However, once you have received contact data, can you simply use that information to send marketing communications to those contacts?
Common sense might suggest yes, the fact that an attendee has given permission to have their details added to an attendee list or the fact that a person willingly hands over their business card with their contact details on. You may even have discussed contacting the person as part of your conversation and they agreed to this.
However, a word of caution, from a practical perspective (a) a person’s perception as to what “contacting” means may be different to yours (b) those individuals you did speak to you may not remember your conversation (c) attendee lists are often perceived to be for information purposes only to those attending the networking event.
Secondly, there are rules governing how you use personal data (Data Protection Act 1998 (DPA)) you collect and use, together with rules governing certain forms of direct marketing to individuals and businesses which ultimately dictate how you should interact with individuals with respect to direct marketing activities.
Avoiding upsetting any potential customer (whether or not your actions are within the rules or not) has to be the primary goal, as the tag of “spammer” and a loss of reputation could be damaging to your business.
What you need to know
Under the DPA, all individuals must be informed that their personal data will be used for marketing purposes and all individuals have an absolute right to object to their personal data being used for marketing purposes. You therefore must give an individual the option of opting out of use for marketing purposes.
Under the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2003/2426) (Privacy Regulations) certain forms of direct marketing (fax and electronic mail (includes email, text, picture, and video messages)) require the prior consent of an individual to that marketing activity (which is different to the concept of providing an opt-out).
Who can you send direct marketing communications to, how and by what means?
|Method||Existing Customers/On Mailing List(you have permission to use data for marketing purposes)
(no permission to use data)
|Electronic Mail||Only with prior consent of Individual or where “soft in option” applies
|Only with consent of Individual|
|Fax||Same as Electronic mail ***||Same as Electronic Mail ***|
*Provided the individual has not communicated to you that they do not wish to receive marketing by post or telephone
**Subject to you checking that the individual has not registered with the Mail Preference Service (recommended but not obligatory) or Telephone Preference Service (obligatory). If an individual has given their express consent to receive marketing communications from you, this will override any existing registration with the Telephone Preference Service or Mail Preference Service.
#Subject to you checking that the business has not registered the number you are calling or all their telephone numbers with the Corporate Telephone Preference Service (obligatory)
***Provided that the fax number has not already been registered with the Fax Preference Services
Electronic Mail – Direct marketing
Any marketing communications must clearly identify your business (including clarity on what legal form it takes e.g. sole trader, company, franchise etc.); business contact details and gives details of how that business can communicate with your business to opt out of future marketing communications.
Whilst the above rules apply to individuals only and not businesses (so you do not require prior consent to send marketing communications to a business), you are still required to ensure that the above information regarding business and contact details together with an opt-out procedure is in included in your marketing communications. An employee of a business who receives a marketing communication from your business will be entitled (if their name appears in the email address) to request that you refrain from sending marketing communications in accordance with their rights under the DPA.
If you are a business that provides products and services to other businesses, rather than consumers, you may well sigh with relief, however you need to be careful with respect to whom an Individual is, as the term includes sole traders and unincorporated partnerships.
Soft Opt In
If you do not require a customer or mailing list contact to expressly consent to electronic and or fax marketing communications at the point of collecting and confirming use of their personal data, you can still send marketing communications to individuals if you meet the requirements of the “soft opt in”.
The “soft opt in” applies where:
- The Individual has purchased goods or services from you, you are in discussions regarding the purchase of goods or services, or the individual has expressed an active interest in buying your goods and services (e.g. has requested their details to be held on mailing list for offers and or newsletters)
- Direct marketing messages only contain and relate to similar products and services
- The individual has a means of refusing unsolicited marketing at the time their details are collected and if they do not opt out at that time, they are given a simple way of doing so in future messages
If you stop mailing out newsletters and or customers do not buy your services and time passes, and then you wish to send a direct marketing communication, you need to consider carefully whether the “soft opt in” does still apply. The longer the period of time that passes (e.g. 6 months or more) the greater the risk the Individual will not perceive themselves to be a customer or someone actively interested in your services.
Top Tips to ensure that you comply with the rules and avoid being seen to be a spammer!
- Ensure that you follow up with potential new contacts who are individuals (not businesses) that you have received through networking activities (whether attendee lists, business cards or from social media unsolicited contacts) to confirm their consent to receiving direct marketing communications from you
- Don’t assume silence in responding to a request for consent to send direct marketing communications is consent for the purposes of direct marketing
- Consider using status updates and company page features on social media sites such as Linked In to post direct marketing communications rather than target individual contacts.
- Ensure all direct marketing communications sent contain an opt out provision (whether for individuals or businesses)
- Wherever possible ensure individuals confirm acceptance of your collection and use of their personal data and their consent to direct marketing communications
- Make sure that your website contains a suitable privacy statement (covering cookies where applicable) which explains clearly how you will use personal data, and wherever possible ensure that your services or registration of details for mailing lists require the individual to consent to your privacy statement and direct marketing use
- Where you do not use online facilities to purchase goods and services and or register for mailing lists, make sure individuals are required to sign a form or other documentation which acknowledges your use of their personal data (privacy statement) and gives consent for your direct marketing use.
- Keep your database up to date and accurate; ensuring that it is regularly reviewed and any personal data of contacts that are no longer considered customers or actively interested in products and services are either updated or removed (subject to any policy you have on document retention and bearing in mind that you shouldn’t hold personal data for longer than is necessary) will help mitigate the risk of using out of data
- When updating information on customers or interested individuals that have not been in contact with your business or received any communications from your business for a period of 6 months or more, check that the individuals have not registered on TPS, FPS, and MPS and contact the individual to confirm they are happy to continue to be on your mailing list/registered with you.