Make Your Email Marketing Compliant

Over the years, marketing campaigns have evolved from the simple, en masse postal delivery to the more audience-specific electronic system.

Regardless of how your organisation chooses to distribute its marketing campaign, you must ensure that your email marketing campaign complies with the regulations—the majority of which are enforced by the Information Commissioner’s Office (ICO).

As the owner or manager of an organisation, you are obligated to adhere to several regulations, the two most important being The Data Protection Act 1998 (DPA) and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR).

The DPA is composed of eight principles that outline how members of the community’s personal information—ethnicity, political affiliation, religious beliefs, sexual orientation, etc.—is to be accessed and shared. The PECR explicitly states that it is unlawful to send direct marketing to individuals who have not specifically granted permission. If your organisation fails to comply with these or any other related regulations, you could face fines as well as criminal charges. Establishing the proper framework for your campaign can help your organisation remain compliant.

Marketing Campaign Framework

A strong, well-written email marketing and/or text message campaign is structured around clearly explaining these three principal components:

  • Who your organisation is, what your goals are and the nature of your campaign
  • That your organisation is selling a product or information
  • The detailed outline of the terms and conditions of the promotions linked to your marketing campaign

An effective strategy to incorporate these principles and stay compliant is through the use of opt-in and opt-out clauses. These clauses are typically integrated into your initial message—prompting recipients to either opt in (agree to receive emails/texts from your organisation as well as consent to the use of their personal information) by checking the appropriate box or opt out (unsubscribe) by leaving the box empty. Alternatively, your message can have all options already checked (e.g. recipients agree to receive emails/texts from your organisation as well as consent to the use of their personal information) and they can opt out by unchecking the options they do not want. Every marketing email you send must give the recipient the ability to opt out of receiving further emails.

After your organisation has finished developing its marketing campaign and formatting the opt-in and opt-out clauses, you need to verify that your campaign will not target individuals who have asked not to receive marketing emails or texts. To confirm that your marketing campaign participant list is compliant, use the Email Preference Service.

The Importance of Consent in Marketing

Before your organisation launches its email marketing campaign, it is critical that you review whether you have the target audience’s consent. For electronic marketing campaigns, the ICO defines consent by four distinct criteria:

  • The targeted individual has provided the organisation with notification of his or her consent
  • The timeline for how long the individual’s consent will be valid must be provided (i.e. is the consent for a one-off message, or does it need to be given for an extended period of time?)
  • The targeted individual has to provide consent for the given type of marketing campaign (i.e. your organisation cannot make automated calls to his or her home if he or she has only given consent to receive marketing emails)
  • An individual’s consent is non-transferable—your organisation must directly receive the individual’s consent.

However, there are two exceptions to these guidelines: implied consent and indirect (third-party) consent. Implied consent means that, while consent for marketing campaigns does not always need to be explicit, it must involve the individual freely providing his or her agreement to the use of his or her information. Indirect consent refers to any organisation using a bought-in marketing list. If your organisation chooses to use a bought-in marketing list, review the provided information to verify that you are legally authorised to contact the individuals named in the list.

In most cases, indirect consent does not provide enough authorisation to send email marketing messages. Only if the individual had provided consent to a specific category of organisations or companies can indirect consent be considered enough.

As a liability measure, once your organisation has obtained consent, you may want to record the date on which it was received, the method by which it was obtained, who collected the consent and the specific information to which the individual consented. Detailed documentation of your marketing list participants mitigates your organisation’s risk of breaching compliance.

The Penalties of Noncompliance

When your organisation is preparing to launch an email marketing campaign, you need to ensure that you have received the proper consent. There is no substitute for receiving the proper consent. The following work-around strategies will only result in noncompliance:

  • ‘Sugging’: Avoiding direct marketing rules by labelling messages as surveys or market research
  • Relying exclusively on indirect consent
  • Using a certain method to send marketing materials for which the recipient did not give consent

If your organisation is found to have violated any part of the legal framework that protects individuals’ privacy rights, you could face stiff fines, loss of public credibility and even criminal charges.

Managing Email Marketing Compliance

To ensure that your organisation remains compliant throughout its email marketing campaign, rely on these three risk management strategies:

  1. Use opt-in and opt-out clauses to clearly outline what the individual is providing consent for, how long they will be providing that consent and through which medium they will receive those messages
  2. Keep a record of who gave consent, and include when and how your organisation received that consent
  3. Review all indirect consent contacts you receive to ensure that you will not be violating any regulations

Resist the Urge to Spam: Staying Compliant

Maintaining compliance during an email marketing campaign is simple—obtain clear consent. Through careful preparation and review, your organisation has the potential to mitigate possible risks and run a successful campaign.

Author: Heather Adams
Credits: “Cyber Risks & Liabilities – Compliant Email Marketing.” (Zywave, Inc. 2017)

This Cyber Risks & Liabilities document is not intended to be exhaustive nor should any discussion or opinions be construed as legal advice. Readers should contact a legal or insurance professional for appropriate advice. Design © 2014 Zywave, Inc. All rights reserved.

