What do we mean by ‘marketing’?
Direct marketing is defined in the DPA as ‘the communication (by whatever means) of any advertising or marketing material which is directed to particular individuals’. The UK Information Commissioner has confirmed this includes ‘all advertising or promotional material, including that promoting the aims or ideals of not-for-profit organisations’. From this we can assume that some University communications will be direct marketing. For example, telephone requests for donations and emails or texts about UEA events can all be direct marketing.
When do we need to take PECR (and DPA) into account?
Anyone undertaking unsolicited (i.e. not specifically requested) promotional activities, directed at individuals, with the intention of getting them to do/buy/attend or otherwise engage with a UEA product or service, should consider their obligations under the DPA. If the unsolicited marketing is to be done by electronic means then PECR must also be followed. If you pay someone else to undertake your marketing activities, you are both responsible for complying with PECR.
What is not included?
As these rules only apply to marketing directed at individuals, other activities, such as online advertising, are not covered by PECR or DPA. Also note that routine communications with existing students and staff are unlikely to count as direct marketing.
Types of electronic communication
Under PECR there are different rules for different types of electronic communication. The Information Commissioner’s Office has produced helpful guidance on telephone marketing, fax marketing, and email marketing (includes SMS and direct messaging via social media). If you or your department are considering these kind of marketing activities, read these first.
Consent
Gaining consent of the person/people you want to contact is key to PECR compliance. Consent must be knowingly and freely given, relevant to the target audience and relate to the type of marketing activity you wish to undertake. The giving of consent should involve a positive action – i.e. a requirement to ‘opt in’ to receiving marketing communications.
Avoid ‘opt out’ messages, especially those that are confusingly worded: e.g. ‘untick this box if you agree to not giving consent…’ This is bad practice and does not equate to giving active consent.
Consent is required in almost all cases, however if you are doing email marketing for commercial purposes you may be able to rely on what is known as a ‘soft opt in’ when contacting existing customers. See the Information Commissioner’s guidance on when the soft opt in can be used.
Remember, even once you get consent for marketing, people are entitled to withdraw it at any time. You should therefore make it straightforward for them to do so; e.g. an ‘unsubscribe’ option in all email communications. Keep records of who has, and hasn’t given consent and make sure you screen your communications against your opt out list. Be aware of the Telephone Preference Service and Fax Preference Service and screen your calls/faxes accordingly.
Further information: See the ICO guide on Direct Marketing