Who: Information Commissioner’s Office (ICO)
Where: United Kingdom
When: 7 December 2022
Law stated as at: 10 January 2023
What happened:
In light of its objective to use education and detailed resources to drive responsible use of data and encourage financial growth and innovation, the ICO released new guidance and resources relating to direct marketing in December 2022. This is also in line with its statutory obligation under The Data Protection Act 2018.
Why was the guidance released?
The new guidance and resources were released by the ICO in order to help organisations conduct direct marketing activities lawfully, in compliance with their obligations under data protection laws and the Privacy and Electronic Communications Regulations 2003 (PECR).
The aim of providing this guidance is to help small, medium and large businesses understand their regulatory responsibility and access compliance materials, which will have a huge cost-saving impact.
This new guidance and resources will also help the ICO’s enforcement burden, by enabling organisations and businesses to use the information and check that they comply with the relevant acts.
What does the guidance include?
The resources include:
• General direct marketing guidance
• A guide to PECR and training resources
• Alternative direct marketing guidance for SMEs, public sector, political campaigners, B2B marketing and organisations using the marketing services of data brokers
• Direct marketing checklist, FAQs and table of methods for sending direct marketing
Direct marketing code of practice
The ICO had previously committed to providing a direct marketing code of practice, however it is now thought that this new guidance will form the basis of the statutory code. The ICO are yet to clarify on this point.
Why this matters:
This new guidance and resources will be a huge help to all types of organisations, as it sets out the key issues to consider relating to processing personal data in the course of planning and conducting direct marketing campaigns. Organisations should make use of these resources in order to help comply with their obligations under data protection laws and the PECR, and to avoid being targeted and penalised by the ICO. Those that do not take advantage of this guidance will likely be in a dangerous position.