Unsolicited marketing: we all moan about it…but is it a case of Pot, Kettle, Black when it comes to your approach to marketing?
Most of us at some stage have expressed frustration about receiving unwanted marketing calls, trying to sell us something we do not need or are remotely interested in. Chances are, many of those organizations are contacting us foul of The Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR).
However, is there a chance that your organization’s marketing practices could also put you at risk?
Although the introduction of the GDPR was arguably one of the most high profile shake-ups of privacy laws in recent years, a perhaps lesser well known, but equally important, set of privacy rules, is PECR. Having been adopted in 2003, PECR came long before the GDPR or the Data Protection Act 2018. The PECR now sits alongside the GDPR and sets out guidelines on unsolicited marketing using electronic communications i.e. by telephone, email, or text.
It’s important firstly to note the difference between solicited and unsolicited marketing:
- Solicited marketing is when your customer has asked you to send them a specific type of marketing information.
- Unsolicited marketing is when you send your customer marketing information that they have not specifically asked for. So, even though they may have ‘opted in’ to receive marketing information from you, this simply means that they are not opposed to receiving such information in the future – regardless of the content.
If you undertake solicited marketing, then the PECR will not apply to you, as it does not restrict this form of marketing. However, if your organization sends unsolicited marketing messages, you will need to ensure you comply with PECR – or risk incurring a hefty fine.
So, can you continue sending your customers unsolicited marketing?
Put simply, under PECR, consent to receiving marketing messages is needed before you send any unsolicited marketing material.
This consent needs to be given knowingly and freely, and you need to provide information about your organization and the method of marketing you wish to use (e.g. by telephone, email, or text). The customer must take positive action to confirm their consent. This could mean, for example: ticking a box, adding a consent button on your website linking to an ‘opt-in’ page, or completing an online consent form. Whatever method you use will depend on your organization and your usual course of business with your customers – however, as stated above, the main thing to bear in mind is that the consent must be given freely.
Once consent has been obtained, you should keep a record of which customers gave it, the type of marketing they wish to receive, and how they want to receive it. This is important, as if there are ever any complaints against your organization, you will be able to show that you were compliant and hopefully avoid incurring a fine.
Finally, you need to remember that customers have the right to withdraw their consent at any time. As such, you need to provide the option for them to do so in all your communications with them. This could be as simple as a statement saying ‘if you wish to no longer receive any marketing from us, please click here’.
What will happen if you don’t comply?
Non-compliance with PECR can result in hefty fines of up to £500,000. Sanctions for breaches of PECR are enforced by the Information Commissioners Office (ICO), which can fine you up to £500,000.
The ICO’s powers are wide-ranging, however, and a lot of factors will be taken into account as explained in its current Regulatory Action Policy.
For example, they will consider factors such as the nature of the breach and how serious it is, the number of people affected, and how much their privacy is invaded. Aggravating factors include your organization’s attitude to non-compliance – have you been intentionally negligent and reckless in their approach to marketing? Equally, the ICO may also take mitigating factors into account, a consider, for example, what steps have you taken to minimize any damage caused by affected individuals.
Things to consider
If you or your organization sends any form of marketing material out, firstly consider whether it is unsolicited; if so, we recommend you review your current marketing practices to determine if you are PECR compliant and, if not, take immediate steps to ensure you are.
How we can help
In light of the above, are your current marketing practices compliant under PECR?
If you think you require advice on this and if you would like us to review your current marketing regime to ensure you are compliant, contact our Commercial and IP team on 0161 926 9969 or firstname.lastname@example.org to receive expert legal advice for your business.