The ICO exists to empower you through information.

You want to send postal direct marketing to organisations

The PECR rules don’t apply to direct marketing sent by post, so you can send marketing post to corporate bodies.

If you’re not using people’s information to send postal marketing to a business, data protection rules don’t apply. For example, if you’re addressing the post to “the IT department”, this doesn’t contain personal information.

It’s good practice – and good business sense – to keep a “do not contact” list of any businesses that object or opt out, and to check any new marketing lists against it.

If you’re using people’s information to send these messages, or addressing the post to someone who can be identified, eg Joe Bloggs or “the Information Commissioner”, you must comply with data protection rules. This includes where you’re sending marketing to named employees or you’re using personal information to decide who to send the marketing to.

This means you must identify an appropriate lawful basis. Legitimate interests or consent may be the most appropriate for you.

Legitimate interests

To rely on legitimate interests, you must balance your interests against those of the people whose information you’re using. This means you should think about what you’re getting out of using people’s information and balance this against the possible impact on the people involved. The legitimate interests impact assessment below can help with this:

Step one: The purpose test

Identify what your reason is for using the personal information and decide whether it provides a clear and specific benefit to your organisation, the people whose information you’re using, or someone else.

Step two: The necessity test

Think carefully about whether you need to use the personal information to achieve the purpose you decided on in step one, or whether there’s a less intrusive way to achieve it.

Step three: The balancing test

Balance your need to send the marketing messages against the impact it will have on people. Think about the interests and rights of the people the information relates to, and whether these are more important than the benefits you identified in step one.

Consent

If you’re relying on consent, you must make sure people:

  • know and understand what they’re consenting to (including what the marketing is about and the method(s) being used to send it);
  • consent separately to each method of marketing you want to use;
  • give consent freely, without being pressured or it being a condition of receiving a service;
  • consent to receiving marketing from your organisation specifically (this means you must be named);
  • demonstrate consent using a clear, positive action, eg ticking an opt-in box; and
  • are able to withdraw their consent at any time. You must let them know how to do this and make it as easy as possible.

You must keep a record of their consent, including when and how you got this consent.

What else do you need to do?

Where you’re contacting named employees and you’ve collected their information directly from them, you must tell them what you’ll do with their information when you collect it. If the information doesn’t come directly from the person themselves, you must tell them within a calendar month (or sooner), unless an exception applies.

You must stop sending marketing to named employees if they object (eg if they unsubscribe or withdraw their consent). You shouldn’t simply delete their details though. You should keep just enough information to make sure they’re not later put back on your marketing list by mistake – having a “do not contact” list will help with this.

Before sending marketing, you should check your “do not contact” list to make sure someone hasn’t said they don’t want to receive marketing from you.

You should screen against the Mail Preference Service. This is a requirement under some industry codes.

 

We’d love to hear your views about the direct marketing interactive tool, so we’d encourage you to come back to this page after using it to complete our short survey. Your feedback will help us improve the service for other users. You can also view the survey as a PDF file.

 

Also see:

  • An introduction to direct marketing – a step-by-step guide for your small business
  • Making marketing work for you and your customers
  • Marketing FAQs
  • Data protection for direct marketing: a two-minute guide
  • Soft opt-in for email and text marketing: a two-minute guide
  • Data protection and telephone marketing: a two-minute guide