Are you complying with the law?
Direct marketing is a powerful way of creating new business, promoting your products and services, and generating leads. Data compliance is often overlooked, but it is a legal necessity for any business using personal or company data for direct marketing.
The following is a list of legal requirements and recommended best practice procedures that companies should follow when directly contacting prospects or compiling a list of contacts.
Fax Preference Service (FPS) – legal requirement
This service allows companies to register their fax numbers free of charge on a central database indicating that they do not wish to receive advertising by fax. Legally, all companies carrying out fax campaigns must sweep their data against the FPS register before they perform a campaign.
Telephone Preference Service (TPS) and Corporate Telephone Preference Service (CTPS) – legal requirements
These two services provide companies with a centralised list of individuals and companies who do not wish to receive telesales calls. Legally, all companies carrying out telesales campaigns must sweep their data against these registers.
Mailing Preference Service (MPS) – good practice
Abiding by the MPS is not a legal requirement, but in line with good practice it is recommended that companies maintain a list of companies who do not wish to receive correspondence and suppress contacts from this mailing list.
There is currently no Email Preference Service run by the DMA in the UK. However, the Privacy and Electronic Communications (EC Directive) Regulations 2003 means that it is now
illegal to send spam email. The following rules apply to all marketing messages by email:
1. The sender must not conceal their identity
2. The sender must provide a valid unsubscribe/opt-out
If it is a corporate recipient, prior consent is not required, but companies cannot send unsolicited emails to individual subscribers unless all three following rules are applied:
1. The email address was collected during negotiations or sales process
2. The message relates to similar products and services
3. The recipient was given the option to opt out
Databases are protected under the Copyright, Designs and Patents Act 1988 and the European Union 1996 Directive No. 96/9/EC. You cannot collect and use data without the owner’s permission or outside the terms of the owner’s legal conditions of use.
For example, collecting information from directories or the internet, such as Yellow Pages/Yell.com for sales/marketing purposes constitutes an infringement of copyright and could result in prosecution and heavy fines. Ignorance is no excuse – using a contact list supplied by a new salesperson, for example, means you could still be prosecuted if you are not aware that the data was protected by copyright.
Data Protection Act
The Data Protection Act relates to the processing of personal information held on a database. It does not relate to companies, although as some businesses are sole traders or partnerships the Data Protection Act may relate to them if the business information is the same as the personal information.
If a company holds data and manages a database that includes personal data, it must be a registered Data Controller with the Information Commissioner’s Office. It is important that your database provider is a registered Data Controller and this can be checked by the ICO.