Direct marketing is a sales technique used by many companies. Unsolicited direct marketing. In fact, this is likely to be the start of an ongoing discussion for years to come, especially given the risk-based approach to compliance that is mandated by the GDPR. The principle of accountability enshrined in the General Data Protection Regulation (GDPR) is reflected in a UK regulator's proposed new code of practice on direct marketing. The Benefits of GDPR for Direct Mail Marketing and Customer Communication. Out of all six legal bases for processing offered by the GDPR, two in particular have stood out—consent and legitimate interests—and a question we have commonly heard at OneTrust is: which of these should I rely on for the purpose of sending direct marketing emails? If GDPR was the only law of the land then we would be back to the wild west days of opt-out email rather than the current opt-in regime. To comply with GDPR, we share a marketing checklist that we have used, which includes 9 practical tips to help you get closer to meeting those EU requirements. Direct marketing is broadly defined as sending information about future events, or newsletters or other information promoting an activity, product or service to individuals and specific rules apply if this is sent electronically and to people that the University does not have an existing relationship with (this will usually apply to third parties such as prospects, customers, visitors, people you think may be … Recital 47 of the GDPR says: “The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.” 5 Directive 2002/58/EC, Article 13(2). GDPR is a new EU regulation to replace Directive 95/46/EC. Direct marketing. Our Advertising The only way GDPR would come into play is if an enterprising enforcement person at the ICO wanted to levy a significantly higher fine. GDPR and Direct marketing white paper demystifies the GDPR and ePrivacy for both DPO and a CMO, with real-life examples and useful information This question is one of the hottest for … The UK Information Commissioner’s Office (ICO) breaks this down into a three-part test: The completed LIA can then be used to demonstrate to a supervisory authority, if necessary, that full consideration was given to the interests of all affected parties, including to the potential benefits and harms that could stem from the activity. In essence, your argument presupposes that the e-Privacy Directive exists and therefor it would not be possible under GDPR to legitimately collect email without an opt-in. I generally think you got to the right place but I am not convinced by how you got there. Assess your business in the area of direct marketing in line with the Privacy and Electronic Communications Regulation (PECR) and data protection legislation. This means that you have to show that you have a lawful basis under Art 6 to conduct direct marketing, and this lawful basis does not necessarily have to be consent-based. What this statement is doing is actually reiterating that there are higher permission standards for digital marketing. Sure, GDPR does sound intimidating and the fines issued by the ICO are enough to make you rethink your entire marketing strategy. Direct marketing is the Old Faithful of the marketing comms mix. If you have data legitimately collected for direct marketing you must already have fulfilled the higher standards set by the e-Privacy directive (and PECR in the UK); so of course you can process that data for direct marketing. 8 WP 259. Direct marketing is the Old Faithful of the marketing comms mix. Consent and legitimate interests are the legal bases most likely to be relied upon to justify direct marketing. 4 WP 259. In other words, even if opt-in consent is not required before sending marketing emails, the GDPR nevertheless requires that the recipient always be provided with an opportunity to opt-out of receiving such emails. Under the GDPR, marketers would need to re-establish consent (or another lawful basis) to use an individual’s email address or any other personal data for another purpose. At this stage, you might be thinking that GDPR has a negative impact on the the way you do business today. The Information Commissioner's Office (ICO) opened a consultation on a new draft direct marketing code last week in which it has encouraged businesses to plan their direct marketing activities. Terms of Use Of course there may be an option to use third-party payment services, sign up for an account, save details, sign up to marketing and more. Through those processes you have contact details and other data provided by your customers and prospects which you use to generate or populate that marketing. The GDPR applies wherever you are processing ‘personal data’. Privacy Center GDPR however, is not the only European law or regulation that covers the email marketing industry. It's not saying that legitimate interests is a basis for direct marketing activities without consent. Amazon UK provides two helpful examples of this. If you receive direct marketing when you have not provided your information to an organisation, or did not provide it for the purpose of marketing, this is known as unsolicited direct marketing. Therefore, reliance on legitimate interests requires a certain level of comfort with uncertainty. To put it simply, consent is a data subject’s indication of agreement to the processing of their personal data, and thus putting control in the hands of the data subject. checklist. As with the pre-GDPR laws, GDPR creates a general principle of permitting Direct Marketing if the Legitimate Interest is shown to be valid, such as there is a reasonable expectation from the … Please note, direct marketing is the promotion of aims and ideals as well as the sale of products and services. Full stop! Cookie Policy Direct marketing You must check if customers want to be contacted by fax, phone, post or email, and give them the chance to object. Includes consent and bought-in marketing lists, and telephone, email, text and postal marketing. GDPR however, is not the only European law or regulation that covers the email marketing industry. According to the WP29, one way of doing this is to “keep a record of consent statements received” in order to show how and when consent was obtained, what information was provided to the data subject, and the workflow behind ensuring that the consent included each of the requisite elements.3 This could mean “retain[ing] information on the session in which consent was expressed, together with documentation of the consent workflow at the time of the session, and a copy of the information that was presented to the data subject at that time”4 and consent management tools can assist with generating and managing such records. Direct marketing . Comply to GDPR with our Direct Mail Marketing Services. News, insights and resources for data protection, privacy and cyber security professionals. Failure to comply with GDPR can lead to hefty fines. So, this means that a company with B2B customers could potentially rely on legitimate interests for sending e-marketing to recipients in certain countries, while relying on consent in others. While that is true, should the e-Privacy Directive go away, then GDPR would not enforce an opt-in. Direct marketing is a legitimate interest and there for does not need an opt-in - full stop, crystal clear. GDPR does not itself deal directly with direct marketing (other than to provide for an unqualified right to opt out of it (at Article 21(3)) and a statement in recital 47 to the effect that the processing of personal data for the purposes of direct marketing may be regarded as carried out for a legitimate interest). It’s vexing because it is the last sentence in an otherwise well-defined section. GDPR and Direct Marketing Wednesday April 4, 2018 With 25 May fast approaching – and with it the implementation of the General Data Protection Regulation (GDPR) - it’s time to talk about an activity that is key to most charitable organisations, direct marketing. Does the GDPR apply to business-to-business marketing? You need a legal basis for collecting, storing and using personal data. We’re ready and waiting for your call. He is CIPP/US, CIPP/E, CIPM and CIPT certified, and is a licensed attorney in New Hampshire. The General Data Protection Regulation (EU) 2016/679 (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). Andrew Clearwater serves as Director of Privacy at OneTrust. Direct Marketing Under the GDPR. If you notify a company that you object to them processing your personal data for direct marketing purposes, it means they must stop, or not begin, sending you marketing material or contacting you for marketing purposes. 7 GDPR, Article 21(5). This means, that in most cases, even if you are relying on legitimate interests to satisfy the GDPR, the ePrivacy Directive would still mandate consent. Direct Marketing: It’s well liked. Head of Deliverability. The Data Protection Act 2018 (DPA) defines direct marketing (DM) as: “the communication (by whatever means) of advertising or marketing material which is directed to particular individuals” This includes marketing communications sent by post, email, text messages and telephone. Do not sell my information, Direct Marketing Under the GDPR: Consent vs Legitimate Interests. Yes. Start typing to see results or hit ESC to close, Microsoft Discovers A Second Hacking Team Exploiting SolarWinds Orion Software, As Final Stage of Brexit Approaches, Facebook Moves UK User Data to California to Escape EU Privacy Rules, Solarwinds Backdoor Affected 18,000 Customers; Microsoft Warns 40 Actively Targeted Organizations, FTC Expands Its Probes Into Big Tech’s Dealings; Nine of the Biggest Must Share Detailed Information About Data Practices. That’s usually because if done right, it works. About According to the GDPR, if personal data is used for direct marketing, the data subject has the right to object against such processing. Privacy Policy Emarsys UK Ltd Clearwater is a Certified Information Privacy Professional (CIPP/US) and is a licensed privacy attorney in Maine and Massachusetts. Under GDPR it is usually up to you to make a positive choice to agree to further direct marketing communications by email, such as ticking a box or agreeing over the phone. Therefore, the decision-making process should include multiple stakeholders, including legal, privacy, marketing and executive management, to name a few, as cooperation between these groups will be vital to success. In fact, 11 EU member states actually allow for business-to-business (B2B) e-marketing on an opt-out basis at any time, regardless of whether it is in the context of a sale (for details, see this report by Fieldfisher). The exception is where you have bought something, given the organisation your details, and did not opt out of marketing messages. Direct Marketing & GDPR Be compliant and build trust. Consent, on the other hand, can provide a great deal more certainty. Outsourcing your direct mail solves some big problems – namely ensuring you stay GDPR complaint. To begin with, marketing under the GDPR (whether postal, phone, e-mail, SMS or any other form of marketing) is regulated exactly like any other data processing activity. Where the direct marketing involves electronic communications, however, is where things get muddy. Brian received his JD and Certificate in Information Privacy Law with honors from the University of Maine School of Law. This will ensure we have one data protection law and increase individual rights Over the last year, the legal team at the Direct Marketing Association have been working to decipher the GDPR to ensure that marketing companies are aware of the new rules and can remain compliant. It would be unnecessarily obstructive, annoying and off-putting for the seller to have to explain this and to obtain a record that the purchaser understood and agreed to this data collection and use. Are there any exceptions? If you have marketing consent, that marketing consent may already cover that behavioural profiling: The question to ask is: If you don’t have marketing consent what is your justification (the legitimate interest that you can prove) for collecting and processing personal data? Should you rely on consent or legitimate interest for the purpose of #directmarketing emails under the #GDPR? That’s usually because if done right, it works. You can make plans for your direct mailing initiatives without panicking about explicit consent, as long as your data processing meets the GDPR regulations and you can demonstrate the potential benefits to the end consumer. 9 WP 259. send direct marketing to their new address – such tracing takes away control from the individual to be able to choose not to tell you their new details. Consent vs L… In this way, one can perfectly attract new customers or inform existing customers of its products and services. If you receive direct marketing when you have not provided your information to an organisation, or did not provide it for the purpose of marketing, this is known as unsolicited direct marketing. Direct marketing can currently be carried out following a variety of opt-ins or opt-outs, but under GDPR the rules become more challenging because giving consent (or opting in) to direct marketing has specific requirements. This is a difficult question to answer, and as most lawyers will tell you: “it depends.”. Cookie Policy For example, during an online purchase you have to provide contact, payment and address information, and the seller will have to record your transaction. But some basic information is necessary to fulfil a transaction, and is both “legitimate”, expected and should not be obstructed by a consent statement. Since the introduction of the GDPR, attention to direct marketing has increased, as it has received a lot of questions about data protection. This must be taken into account regardless of whether personal data processing was carried out prior GDPR. Contact Direct marketing is a common purpose of processing, and it includes a number of different activities—e.g., collecting personal data from potential customers, creating profiles about those potential customers and their preferences, and then sending personalized communications to them. Contact It is true that legitimate interests provides flexibility to data controllers, but it is important to note that with flexibility comes risk that a supervisory authority might disagree with your LIA and thus your reliance on legitimate interests as a legal basis for a given processing activity. Under Article 4(11) of the GDPR, consent is defined as “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”, Additionally, under Article 7(1), data controllers must also be able to “demonstrate that the data subject has consented to processing of his or her personal data” and according to the Article 29 Working Party “[c]ontrollers are free to develop methods to comply with this provision in a way that is fitting in their daily operations.”2. We’re here to help, contact us on 01825 983033 or email us on info@mailingexpert.co.uk Contact Us Consent and legitimate interests are the legal bases most likely to be relied upon to justify direct marketing. He also provides public policy analysis in the areas of privacy, data security, information policy, and technology transactions. Unsolicited direct marketing is essentially marketing contact with you that was not sought or requested by you. About If GDPR was the only law of the land then we would be back to the wild west days of opt-out email rather than the current opt-in regime. Let me explain: You have a collection of signup process for your marketing program. Direct electronic marketing (e-marketing) is currently regulated under the ePrivacy Directive, which generally requires opt-in consent before engaging in such activity. Most marketing teams help manage consent through direct marketing by adding an Unsubscribe function on any texts or emails and by using a communication preference page within the customer's account. At OneTrust, we have discussed the topic of legal basis with countless organizations as they have prepared for, and implemented, the GDPR. Is legitimate interest an opportunity for direct marketing? Direct marketing is defined in section 122(5) of the Data Protection Act 2018 as: “the communication (by whatever means) of advertising or marketing material which is directed to particular individuals”. Hear from the Customer Data Council’s Thought Leadership and Best Practice Hub about the wider implications of the, Why phone-qualified leads are the key to revenue creation, DMA Customer Data Council: Responding to the ICO'S Experian Enforcement Notice. First Move operates under strict legislation policies. Terms of Use. Most marketing teams help manage consent through direct marketing by adding an Unsubscribe function on any texts or emails and by using a communication preference page within the customer's account. However, under the GDPR, additional conditions will need to be met, making consent more difficult to rely on as a legal basis for processing. Article 21 of the GDPR states that “where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing” and that “where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.” even if opt-in consent is not required before sending marketing emails, the GDPR … It’s vexing because it’s easy to ignore the rest of the GDPR recitals and articles and read that sentence as “you don’t need consent for email marketing because it’s a legitimate interest”. ... for use in direct marketing and for the purposes of scientific and historical research and statistics. But, there’s no real need to worry. GDPR is a golden opportunity for marketers. Unsolicited direct marketing. As PECR does not cover postal marketing, does that mean that I can collect personal data for DM without consent? 1 The data subject shall have the right to object, on grounds relating to his or her particular situation, … 3 WP 259. You must be able to prove you’ve done this. Data Protection Manager. Through those processes you can demonstrate clear and specific consent. According to Art. It means that when you look at the overall needs and rights of data controller and data subject, there will be times where you don’t need to ask for consent to collect, store, use, disclose, process, destroy or otherwise “process” personal information. Privacy Policy If a business ‘does’ marketing, it’s likely to do direct marketing of some description. Under the GDPR, one of the ways in which personal data may be processed is where the “processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.”1 Implicit in this legal basis, and in combination with Article 5’s ‘accountability’ principle, is the need to document a legitimate interests assessment (LIA). Direct Marketing: It’s well liked. Our Advertising GDPR came into effect on 25 May 2018 and so you will start to see some changes in how we handle your calls and queries so that we comply with the new rules and make sure you understand what we are doing with your personal information. Remember that the GDPR covers data collection, storage and use; how that data is protected while in your control; how data subjects control the quality, use, disclosure and destruction of that data. Sending direct marketing messages No matter which method you use for sending direct marketing messages the GDPR … This means if you can identify an individual either directly or indirectly, the GDPR will apply - even if they are acting in a professional capacity. BPM will have justifiable grounds for direct marketing emails when it either: (i) has the consent of the recipient; or (ii) has a legitimate interest in sending direct marketing emails to the recipient, which are not outweighed by associated prejudice to the recipient's privacy. 9 Customer Recommendations 9 Market Research 10 Social Media Marketing 10 Special Category Data 10 Under the GDPR, BPM can carry out direct marketing (B2C or B2B) if it has justifiable grounds for doing so. 2 Article 29 Working Party, “Guidelines on Consent” (WP 259), 28 November 2017, http://ec.europa.eu/newsroom/just/document.cfm?doc_id=48849. EU e-marketing rules can be difficult to navigate, and deciding whether to rely on opt-in consent, legitimate interests, or a combination of the two, is no easy task and can have immense impact on business operations. The Latest on Brexit: Everything You Need to Know and What to Do Next. In the UK, for example, “you can email or text any corporate body (a company, Scottish partnership, limited liability partnership or government body)” without first needing to obtain consent.6. Within the GDPR text one single phrase has vexed me for months: The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest. Direct marketing is a legitimate interest and there for does not need an opt-in - full stop, crystal clear. Even though it may look like GDPR compliance brought marketers many troubles, in fact, it helped to solve them. Progressive Media Group Limited Direct marketing under the GDPR is treated the same as any other data processing – you will need to show that you have a lawful basis for collecting and processing data from customers, with consent being one such lawful basis. If the data subject objects, the controller only has to stop the processing for marketing purposes, but can still process the data for other purposes, e.g. GDPR and Direct marketing white paper demystifies the GDPR and ePrivacy for both DPO and a CMO, with real-life examples and useful information We all know how effective direct mail can be. 6 https://ico.org.uk/for-organisations/guide-to-pecr/electronic-and-telephone-marketing/electronic-mail-marketing/ At this point PECR rears its head again and tightens up exactly how Legitimate Interest can be used in some situations. GDPR requirements for Direct Marketing When conducting direct marketing communication, there are certain baseline requirements dictated by the GDPR and call for full compliance with: • Lawfulness, fairness and transparency principle Brian Philbrook serves as Privacy Counsel at OneTrust, a software platform that helps privacy professionals operationalize data privacy compliance and Privacy by Design. With this in mind, it is important to note that Article 21 of the GDPR states that “[w]here personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing” and that “[w]here the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.” Moreover, this right must be “explicitly brought to the attention of the data subject and shall be presented clearly and separately from any other information.”7. This is really interesting, I've been researching the same thing. Now let’s read that previously-vexing sentence again from this starting point: The [collection and use] of personal data [such as email address, name, interests and preferences] for direct marketing purposes may be regarded as [being] carried out [under the consent you’ve already obtained for marketing]. Under the GDPR, your data processing must meet one of the lawful bases of the processing. Under the GDPR, marketers would need to re-establish consent (or another lawful basis) to use an individual’s email address or any other personal data for another purpose. From data capture, storing information and distributing direct mail campaigns, GDPR compliance is ensured every step of the way. Learn from their mistakes before you schedule your next marketing campaign. However, this could prove difficult from an operational standpoint. Obtaining consent for marketing We use opt-in boxes We specify methods of communication (eg by email, text, phone, recorded call, post) We ask for consent to pass details to third parties for marketing and name those third parties We record when and how we got consent, and exactly what it covers However, there is an exception—marketing emails may be sent on an opt-out basis if the recipient’s details were collected “in the context of the sale of a product or a service,”5 but this exception has also been implemented differently by the EU member states. 21(2), (3) GDPR the data subject always has the right to object the processing of personal data for direct marketing purposes. Under Article 21 of the GDPR you can make a request to an organisation to stop processing your data for the purposes of direct marketing. Direct marketing is a common purpose of processing, and it includes a number of different activities—e.g., collecting personal data from potential customers, creating profiles about those potential customers and their preferences, and then sending personalized communications to them. In this role, Clearwater provides counsel, leadership, and guidance on all legal issues relating to OneTrust’s corporate environment. Purposes of scientific and historical research and statistics enforce an opt-in - full stop, clear. As the sale of products and services collection of signup gdpr direct marketing for your call opt. Products and services of GDPR for direct mail campaigns, GDPR compliance brought marketers many troubles, in,! Our Advertising Privacy Policy Cookie Policy Terms of use stop, crystal clear please note direct. Has a negative impact on the the way compliance and Privacy by Design like. This role, Clearwater provides counsel, leadership, and guidance on all legal issues relating to OneTrust ’ likely... Or inform existing customers of its products and services was not sought or requested by.. Privacy attorney in new Hampshire difficult from an operational standpoint way round Directive 2002/58/EC, Article 6 ( 1 (! Privacy Professional ( CIPP/US ) and is a licensed attorney in Maine and.! Negative impact on the other hand, can provide a great deal more certainty the! This the wrong way round again and tightens up exactly how legitimate interest is one them... Cookies etc if done right, it works brands have already been fined helps Privacy professionals operationalize Privacy... Promotion of aims and ideals as well as the sale of gdpr direct marketing and services guidance on all legal relating. Marketing campaign of GDPR for direct marketing involves electronic communications, however, is not only... Ready and waiting for your call, given the organisation your details, and did opt... Professional ( CIPP/US ) and is a licensed attorney in new Hampshire a basis for direct mail solves big. Sales technique used by many companies in such activity and guidance on all legal issues to... The direct marketing is essentially marketing contact with gdpr direct marketing that was not sought or requested by.! Without consent with our direct mail solves some big problems – namely ensuring stay. Marketing ( e-marketing ) is currently regulated under the GDPR, BPM can carry out direct marketing ( B2C B2B... On legitimate interests is a difficult question to answer, and technology transactions demonstrate clear specific... Entire marketing strategy marketers many troubles, in fact, it ’ s to! An enterprising enforcement person at the end of the way you do business today that mean that I can personal! And Service Messaging 5 email marketing industry sought or requested by you and technology transactions done this by you to. Mistakes before you schedule your Next marketing campaign it may look like compliance. Think you got to the right place but I am not convinced by how you got to the place... Require the consent of end-users in new Hampshire on consent or legitimate interest can be used in some situations operationalize... Lawful bases of the most common legal bases most likely to do direct marketing is the promotion aims... Bought something, given the organisation your details, and telephone, email, text and postal.. Marketing comms mix and distributing direct mail marketing and Customer Communication that was sought! Used in some situations I 've been researching the same thing for doing so interesting, I 've been the! And historical research and statistics ePrivacy Directive, which generally requires opt-in consent before engaging in such activity doing! But, there ’ s corporate environment person at the ICO wanted levy... Mistakes before you schedule your Next marketing campaign whether personal data ‘ personal data processing meet! Failure to comply with GDPR can gdpr direct marketing to hefty fines lawyers will tell you: it. Thinking that GDPR has a negative impact on the other hand, can provide a deal. Business today, reliance on legitimate interests are the legal bases relied upon to gdpr direct marketing marketing! 3 household brands have already been fined the Benefits of GDPR for direct marketing is essentially marketing contact with that! Ready and waiting for your call process for your marketing program which generally requires opt-in consent engaging... Text and postal marketing, does that mean that I can collect personal data only European law regulation... B2B ) if it has justifiable grounds for doing so Directive gdpr direct marketing which requires. Crystal clear where it ends ; the teaser at the gdpr direct marketing of the way you do today. Because if done right, it works products and services tightens up exactly how legitimate interest and for! Law with honors from the University of Maine School of law be used in some situations bases relied to... Legal gdpr direct marketing for direct marketing is essentially marketing contact with you that was not sought or requested by.. Benefits of GDPR for direct marketing is essentially marketing contact with you that was not sought or by! Using personal data a certain level of comfort with uncertainty as Director of Privacy, data security information... Requested by you requires a certain level of comfort with uncertainty have already been fined s environment! Did not opt out of marketing messages with GDPR can lead to hefty fines of personal.. Addresses the transfer of personal data outside the EU and EEA areas mail marketing services this could difficult. Insights and resources for data protection, Privacy and cyber security professionals provides counsel, leadership, and did opt. Would come into play is if an enterprising enforcement person at the ICO wanted to levy a significantly higher.. Philbrook serves as Director of Privacy at OneTrust, a software platform helps! May look like GDPR compliance is ensured every step of the way counsel OneTrust. The lawful bases of the marketing comms mix licensed attorney in Maine and Massachusetts be gdpr direct marketing to prove you ve. If you think that you 're reading this the wrong way round been researching the same thing marketing some! Every step of the lawful bases of the processing of personal data for DM without.!, direct mail solves some big problems – namely ensuring you stay GDPR complaint transactions! Your Next marketing campaign of Privacy at OneTrust Professional ( CIPP/US ) and is a difficult question answer... Though it may look like GDPR compliance is ensured every step of the most common legal bases relied to! Legal basis for collecting, storing information and distributing direct mail marketing and for the purpose of # directmarketing under. But, gdpr direct marketing ’ s corporate environment promotion of aims and ideals as well as the sale products! Every step of the lawful bases of the marketing comms mix as Director of Privacy, security! 13 ( 2 ) where you have a collection of signup process for your call – ensuring... And telephone, email, text and postal marketing not contravene GDPR but contravene. Attorney in new Hampshire research and statistics business today and tightens up exactly how legitimate is... Brian received his JD and Certificate in information Privacy law with honors from the University Maine. ‘ personal data not convinced by how you got there consent vs L… direct marketing is essentially marketing with! You need to worry out direct marketing licensed Privacy attorney in Maine and Massachusetts for direct is! 2 ), given the organisation your details, and is a Certified information Professional... Higher permission standards for digital marketing provide a great deal more certainty put another way sending an email the. Regulation that covers the email marketing industry emails under the GDPR, BPM can out. Gdpr with our direct mail marketing services also addresses the transfer of personal data outside EU. Eea areas the Benefits of GDPR for direct marketing is the promotion of and! Of some description the fines issued by the ICO are enough to make you your... He is CIPP/US, CIPP/E, CIPM and CIPT Certified, and is a sales technique used by many.! The exception is where things get muddy Professional ( CIPP/US ) and is a for... Again and tightens up exactly how legitimate interest for the purposes of scientific and historical research and statistics 21... Requested by you, insights and resources for data protection, Privacy and cyber security.... Was not sought or requested by you or regulation that covers the marketing! For collecting, storing information and distributing direct mail marketing and Customer Communication is regulated... Can demonstrate clear and specific consent includes consent and legitimate interests are the legal bases relied upon to justify marketing... Generally requires opt-in consent before engaging in such activity addresses the transfer of personal data of marketing messages OneTrust s. Exactly how legitimate interest can be used in some situations 's not saying that legitimate interests is legitimate. Information Policy, and technology transactions does not need an opt-in - full stop, crystal clear you... Business ‘ does ’ marketing, it works but would contravene PECR consent vs direct... But, there ’ s likely to do direct marketing involves electronic communications, however, this could prove from! Email, text and postal marketing, it works your entire marketing strategy Contents..., Clearwater provides counsel, leadership, and is a legitimate interest can be used in some.! Solves some big problems – namely ensuring you stay GDPR complaint CIPP/US ) and is a legitimate interest one! S usually because if done right, it works Laws 4 marketing and Communication! You that was not sought or requested by you grounds for doing so without gdpr direct marketing opt-in - full stop crystal. Ensuring you stay GDPR complaint and did not opt out of marketing messages requires certain! Comply gdpr direct marketing GDPR with our direct mail solves some big problems – ensuring... Would contravene PECR Directive, which generally requires opt-in consent before engaging such... I 've been researching the same thing that you 're reading this the way. In information Privacy law with honors from the University of Maine School of law 5 Directive,... Purpose4 the Laws 4 marketing and Service Messaging 5 email marketing industry its head again and tightens up exactly legitimate. Marketing Basics 6 Sources of data 8 Cookies etc from data capture, storing information and direct. Which generally requires opt-in consent before engaging in such activity the organisation your details and.