Direct marketing

Copyright © 2024 LexisNexis

This subtopic provides practical guidance, tools and templates to assist commercial organisations based in the UK with direct marketing data protection obligations. It reflects the UK General Data Protection Regulation (UK GDPR) and Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR 2003) and covers telephone marketing, postal marketing, email marketing and other electronic mail direct marketing.

This subtopic takes account of direct marketing guidance published by the Information Commissioner’s Office (ICO) on service messages, refer-a-friend campaigns, regulatory communications, market research including selling under the guise of research (sugging), tracking pixels, marketing lists, suppression lists and preference centres. It reflects the ICO’s:

  1. Direct marketing guidance, and

  2. Guidance on direct marketing using live calls and Guidance on direct marketing using electronic mail

It also reflects the ICO’s draft Direct marketing code of practice, but is subject to change if the final Code diverges from the draft.

The guidance and tools in this subtopic include:

Practice NotesPrecedentsFlowcharts
How to handle personal data for direct marketing
Direct marketing compliance
Direct marketing—practical examples
Direct marketing—UK GDPR and PECR 2003 interplay		Direct marketing policy—data protection compliance
Preference

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

Existing user? Sign-in TAKE A FREE TRIAL
Powered by Lexis+®
Latest Risk & Compliance News

New Risk & Compliance forecast as at 20 November 2024

Our new Risk & Compliance forecast (as at 20 November 2024) is now live. This month we report on items including: (1) publication of the long-awaited government guidance on the failure to prevent fraud offence; (2) consultation by the Financial Action Task Force (FATF) on proposed changes to FATF Standards and updates to grey listing criteria by FATF to increase focus on risk; (3) updates on the Data (Use and Access) Bill and Employment Rights Bill, and (4) three new consultations from the Solicitors Regulation Authority (SRA) on client money management and consumer protection.

HM Treasury issues advisory on Oil Price Cap evasion tactics

HM Treasury (HMT)and the Office of Financial Sanctions Implementation (OFSI) have released an advisory concerning the Oil Price Cap (OPC) regime. The guidance specifically addresses evasion strategies involving the manipulation of product origin through the use of fabricated and falsified Certificates of Origin (CO). This advisory aims to alert relevant parties to the risks associated with such practices and to enhance compliance efforts within the oil trade sector.

Risk & Compliance weekly highlights—21 November 2024

This week's edition of Risk & Compliance weekly highlights includes: the latest financial sanctions updates, an updated list of businesses not compliant with money laundering regulations from HM Revenue & Customs (HMRC), initiation of a consultation for legal regulators to combat economic crime by the Legal Services Board (LSB) and final versions of a suite of new guidance to support in-house solicitors from the SRA.

FCDO implements new sanctions against international kleptocrats

The Foreign, Commonwealth & Development Office (FCDO) has announced a significant expansion of the UK's anti-corruption efforts through the imposition of sanctions on three high-profile kleptocrats and their associates. These measures, implemented under the Global Anti-Corruption Sanctions Regulations 2021 (SI 2021/488), include asset freezes and travel bans targeting individuals accused of embezzling substantial sums from Ukraine, Angola, and Latvia. The sanctions mark the commencement of a new campaign by the Foreign Secretary to combat corruption and illicit finance, with cross-governmental cooperation to protect UK interests and support global economic integrity. The initiative is bolstered by ongoing collaboration with the National Crime Agency's International Anti-Corruption Coordination Centre (IACCC) and International Corruption Unit (ICU), demonstrating a comprehensive approach to tackling financial crime and sanctions evasion.

View Risk & Compliance by content type :
News
Practice notes
Precedents
Q&As

Popular documents

If a multinational company with entities in a number of EU states has registered a data protection

If a multinational company with entities in a number of EU states has registered a data protection officer (DPO) with the Information Commissioner’s Office (ICO), does it need to register a DPO in the other EU states where it has entities or is registration in one country sufficient?Under Article 37

Can a limited company make a subject access request? Can a director of a limited company ask for

Can a limited company make a subject access request? Can a director of a limited company ask for recordings of calls with us? If yes, what personal data must we provide?This Q&A draws on the Information Commissioner’s Office’s (ICO’s) guidance on business-to-business marketing, which may or may not

Refusing a data subject request—what is ‘manifestly unfounded or excessive’?

Refusing a data subject request—what is ‘manifestly unfounded or excessive’?The General Data Protection Regulation (GDPR) provides for enhanced rights for data subjects, including providing rights of access, rectification, erasure and restriction of processing, data portability, a right to object to

Data protection officer—DPO—job description and role profile

Data protection officer—DPO—job description and role profile1DPO detailsName of organisation[Insert name of organisation]Name of DPO[Insert name]Reports to[Insert name and/or position]Full time/part time[Insert]Details of any other roles held within the organisation[Insert details of any other roles
If a multinational company with entities in a number of EU states has registered a data protection

If a multinational company with entities in a number of EU states has registered a data protection

If a multinational company with entities in a number of EU states has registered a data protection officer (DPO) with the Information Commissioner’s Office (ICO), does it need to register a DPO in the other EU states where it has entities or is registration in one country sufficient?Under Article 37

Can a limited company make a subject access request? Can a director of a limited company ask for

Can a limited company make a subject access request? Can a director of a limited company ask for

Can a limited company make a subject access request? Can a director of a limited company ask for recordings of calls with us? If yes, what personal data must we provide?This Q&A draws on the Information Commissioner’s Office’s (ICO’s) guidance on business-to-business marketing, which may or may not

Refusing a data subject request—what is ‘manifestly unfounded or excessive’?

Refusing a data subject request—what is ‘manifestly unfounded or excessive’?

Refusing a data subject request—what is ‘manifestly unfounded or excessive’?The General Data Protection Regulation (GDPR) provides for enhanced rights for data subjects, including providing rights of access, rectification, erasure and restriction of processing, data portability, a right to object to

Data protection officer—DPO—job description and role profile

Data protection officer—DPO—job description and role profile

Data protection officer—DPO—job description and role profile1DPO detailsName of organisation[Insert name of organisation]Name of DPO[Insert name]Reports to[Insert name and/or position]Full time/part time[Insert]Details of any other roles held within the organisation[Insert details of any other roles