- Back to Data Protection
- GDPR Overview
- Key GDPR Changes
- Data Protection Notices
- UCC's GDPR Project
- Individual Rights
- Data Security Breaches
- Privacy by Design & Default
- Data Protection Impact Assessments (DPIA's)
- Frequently Asked Questions
- Training and Resources
- Contact Information
Guide to Direct Marketing
The General Data Protection Regulation (GDPR) comes into force on 25th May 2018 and requires anyone collecting and using personal data, such as email addresses, to provide those people with details about what we are using their data for.
Where this relates to direct marketing sent electronically (email, SMS or social media direct message) you may need to seek their consent in advance and respect their wishes should they want to stop receiving the information from us.
Students and staff
In UCC, we regularly send information to our staff and students using their University email address. Where this relates to their job or course, this is generally considered to be acceptable as it is not marketing an activity, product or service. However, if the information does fall into this category you will need to provide a way for people to ‘opt-out’. If staff or students have signed up to receive some information, but change their mind, they should also be given the option to opt-out.
Where we want to send marketing information of the kind mentioned above electronically to third parties such as business contacts, visitors or customers, we need to be particularly careful to ensure that we comply with the law.
In most instances, these individuals must be asked for their consent, or ‘to opt-in’, as this is considered electronic marketing and, in addition to the GDPR, the Privacy and Electronic Communications Regulations also apply which stipulate that consent is the only valid basis for the sending of marketing information in this context.
To be valid, the consent must be ‘unambiguous’. This means an ‘opt-in’ tick box or, in the case of a mailing list, the individual provided their contact details with the knowledge that they would receive ongoing information.
Once we have unambiguous consent we still need to provide people with an opportunity to change their minds in each communication sent. If they have not engaged with us (for example, attending an event, or using the service) in a long time (usually three to five years) we need to ask them for their consent again. No response to a request of this kind is considered the same as an ‘opt-out’.
What is Direct Marketing?
Direct marketing is broadly defined as sending information about future events, or newsletters or other information promoting an activity, product or service to individuals and specific rules apply if this is sent electronically and to people that the University does not have an existing relationship with (this will usually apply to third parties such as prospects, customers, visitors, people you think may be interested in hearing about your work).
What do I need to do?
If you have a mailing list of third party contact details that you use for marketing, you need to consider how you obtained these details:
- Were the details on your mailing list obtained directly from the individuals themselves?
- What were those people told about the information they would be receiving and what were their expectations?
- Did they consent to being contacted for marketing purposes?
- How long have you had the contact details? How long have they been receiving the information? Have they been offered an opt-out in each communication?
If after answering these questions you are happy that you have consent to send this type of information to your mailing list then you can carry on, ensuring that you continue to offer an opt-out in each future communication and refresh your consent or remove inactive individuals periodically.
If you are unsure whether you have consent, then you have a limited opportunity to seek this again before 25th May 2018.
- In any emails you send, you should state that the law is changing and that in order to carry on receiving this particular information they will need to opt-ine. let you know that they do want to receive communications from you
- Remember, no response is the same as an opt-out so you will need to remove non-responders from your list.
- You should also be very clear about the information they will receive. If you want to send multiple items, you should ask them to opt in to each thing and respect their preferences.