Currently (December 2017) all data handling in the UK is governed by the Data Protection Act 1998 (The DPA) and the eight principles detailed within this.
Electronic Marketing and Advertising in the UK is currently governed by The Privacy and Electronic Communications (EC Directive) Regulations 2003 (commonly know as PECR). This generally covers marketing by means of telephone, fax, email, SMS text, picture messaging etc.
The DPA and PECR compliment each other and are the relevant regulations relating to the Telephone Preference Service (TPS), Corporate TPS (CTPS) and the Fax Preference Service.
General Data Protection Regulation
On the 25th May 2018, the GDPR will replace the DPA, this means that the way personal data is processed will change.
ePrivacy is due to replace PECR and was originally set to coincide with GDPR when that goes live in May, however this is now unlikely to happen as the ePrivacy final text is still being negotiated in Europe.
The current ePrivacy draft text has caused many concerns and could have major effects on the UK’s Marketing industry. Legitimate interest is excluded as a valid form of consent for marketing and the text around B2B marketing is vague. The most concerning for telemarketers and call centres is that direct marketing to people via phone could be made opt-in only instead of the current opt-out method. This would effectively do away with the need for the TPS in the future because essentially everyone would be opt-out unless they specifically opted-in for direct marketing.
When GDPR goes live in May it looks highly likely that we will be running for a period of time under PECR but don’t be mistaken that you still need the proper consent to use someone’s personal details and call them if they are registered on the TPS.
This consent should be:
Subjects must have a genuine choice on whether to consent or not without detriment or loss of service.
They must specify which type of marketing they want to receive (e.g. Individual tick boxes for telephone, SMS, email etc).
They must understand what they are consenting to and information should not be hidden away in privacy policies/small print. It should be specific and unambiguous.
Indication of Agreement
Consent is a choice and using pre-ticked boxes means that customers have not made a choice, they have just failed to object.
Proof of Consent
You should record the information on display including time/date. For web collection many people record IP Address and website, while for consent given over the phone, a call recording would be a good option.
As we find out more information we will keep you updated.