ICO says The use of direct marketing lists is a legitimate marketing medium
ICO Guidance on use of Direct Marketing Data
The ICO has issued guidance on using purchased data in Direct Marketing. T2D Is ensuring that all data we supply is complaint with GDPR and the steps that need to be taken when using the data.
GDPR recital 47 states “The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest”
The legitimate interests of a controller, including those of a controller to which the personal data may be disclosed, or of a third party, may provide a legal basis for processing, provided that the interests or the fundamental rights and freedoms of the data subject are not overriding, taking into consideration the reasonable expectations of data subjects based on their relationship with the controller.
Here are some first steps to take
- Check the origin and accuracy of bought-in lists. Make sure the data owner confirms GDPR compliance in writing. You should screen call lists against the TPS, or CTPS and only use bought-in lists for email, text or recorded calls with very specific consent.
- In-house marketing lists, use opt-in boxes wherever possible. Specify consent to marketing by email, by text, by fax, by phone or by a recorded call. Ask for specific consent also if you want to pass details to other companies, and make sure you name or describe those companies and record all consents.
Keep clear records of consent, and keep a ‘do not contact’ list of anyone who objects or opts out.