The ePrivacy Regulation (PECR) is said to particularise GDPR for electronic communications and is focused only on electronics — devices, processing techniques, storage, browsers etc.
According to the e-Privacy rules of email marketing (Reg.22), marketing emails and texts should not be sent to individuals without specific consent, although there are limited exceptions for existing customers.
Customers that have bought from you in the past can be marketed to for the same or similar products. This is by soft opt-in. However, they must be given and continued to be given, a simple way to opt-out. This should be provided in every message they are sent.
Under GDPR, consent must be freely and positively given. Therefore, a customer who purchases a product from you who does not opt-in to future mailings cannot be marketed to by you. PECR will be changing to come into line with GDPR.
Basically, where the basis of processing data is consent, then your customers must ‘re-consent’ before you are able to continue marketing.
Companies including Flybe and MoneySupermarket.com have both been fined by the ICO for continuing to contact recipients who had opted out of receiving direct marketing.
Therefore, it is vital that your business gets this right. There are consent portal software solutions out there for managing consent and the ICO have issued guidance on this subject https://ico.org.uk/media/about-the-ico/consultations/2013551/draft-gdpr-consent-guidance-for-consultation-201703.pdf
Contact our Data Protection and GDPR Lawyers Liverpool, Wirral, Merseyside and Across England & Wales
GDPR and data protection is a complex area of law. That’s why it is essential you work alongside a specialist GDPR legal team to ensure your business is compliant. We provide a thorough service, providing practical advice and solutions from staff training to third-party interactions. For a free initial consultation with our data protection and GDPR solicitors, contact us on 0151 659 1070 or complete our online enquiry form.