GDPR: How it affects direct marketing
04 Apr 2018
Guidance for those sending out newsletters or information to mailing lists
Do you work in marketing or send out newsletters or information promoting events, activities, products or services to people outside of the University?
If so, depending on the context of the relationship you have with these people, you may need to gain their ‘unambiguous’ consent as well as give them an opportunity to stop receiving the information in every communication you send.
The General Data Protection Regulation (GDPR) comes into force on 25, May 2018, and requires anyone collecting and using person identifying information (PII) such as email addresses, to provide those people with details about what we are using their data for.
Where this relates to direct marketing sent electronically (email, SMS or social media direct message) you need to seek their consent in advance and respect their wishes should they want to stop receiving the information from us. In this context the consent must be unambiguous which means they have to ‘opt-in’.
What is Direct Marketing?
Direct marketing is broadly defined as sending information about future events, or newsletters or other information promoting an activity, product or service to individuals and specific rules apply if this is sent electronically and to people that that the University does not have an existing relationship with (this will usually apply to third parties such as prospects, customers, visitors, people you think may be interested in hearing about your work).
What do I need to do?
If you have a mailing list of third party contact details (such as business contacts, visitors, customers or people making enquiries about future study) you need to consider how you obtained these details and be sure you have consent to send them this type of information.
If you’re unsure what these people were previously told then you have a limited opportunity to contact them and ask them to define their preferences before 25, May 2018.