Click to toggle details
Latest updates
28 March 2023 - this guidance is published.
At a glance
- This guidance is for you, if you operate in a regulated private sector such as finance, communications or utilities.
- ‘Regulatory communications’ are when a statutory regulator asks or requires the industry it regulates to send specific messages to people.
- Data protection law (the UK GDPR and Data Protection Act 2018) and the Privacy and Electronic Communications Regulations 2003 (PECR) don’t stop you from sending regulatory communication messages. However, you must make sure that you comply with the law.
- Direct marketing covers all types of advertising, marketing or promotional material. It includes commercial marketing and the promotion of aims and ideals.
- In many cases, it is unlikely that regulatory communication messages count as direct marketing. But in some cases they do.
- The phrasing, tone and context of the regulatory communication message are likely to determine if it is direct marketing.
- If the message is neutral in tone and doesn’t contain any active promotion or encouragement for people to take a particular action, then it is unlikely to be direct marketing. However, if your message actively promotes an initiative, by highlighting the benefits and encouraging people to participate or take a particular course of action, it is likely to be direct marketing.
- Knowing whether a regulatory communication message is direct marketing means that you can take steps to comply with the relevant rules.
- If a regulatory communication message is direct marketing, the right to object to direct marketing applies. Depending on your method of communication, the marketing provisions of PECR may also apply.
- You still must comply with data protection requirements (eg fairness, lawfulness and transparency) when you use information about people. This is regardless of whether a regulatory communication message is direct marketing.
In brief
Who is this guidance for?
This guidance is for you, if you are in the private sector and operate in a regulated sector. By regulated sector, we mean those sectors where a statutory regulator has oversight, for example:
- the finance sector (eg Financial Conduct Authority);
- the pensions sector (eg The Pensions Regulator);
- the communications sector (eg Ofcom); or
- the energy sector (eg Ofgem and the Utilities Regulator Northern Ireland).
The guidance will help you decide when a regulatory communication message might count as direct marketing. If the message is direct marketing, it also covers what you need to do to comply with data protection law (the Data Protection Act 2018 (DPA 2018) and the UK GDPR) and the Privacy and Electronic Communications Regulations 2003 (as amended) (PECR).
What is a legal requirement in this guidance and what is good practice?
In this guidance, where we use the word “must”, this means that the law requires you to do something (so it is a legal requirement). Where we use the word “should”, this isn’t a legal requirement but is what we expect you to do to comply effectively with the law. You should follow this unless you have a good reason not to (good practice). If you take a different approach you must be able to demonstrate that this complies with the law. Where we use the word “could”, this refers to an option(s) that you may want to consider to help you comply (good practice). We have highlighted these words throughout the guidance for ease of reference.
What are regulatory communications?
‘Regulatory communications’ describe situations when a statutory regulator asks or requires their industry to send out specific messages to people. For example, this might include information about new initiatives or to promote competition in the market.
In some cases, the statutory regulator might specify the message’s content or define the parameters. For example, the type of consumer to send the message to, how often to send it or even the message’s content. In other cases, the statutory regulator may take a less prescriptive approach and let you decide how to handle it.
Regulatory communications are sometimes information that a statutory regulator requires you to put into your routine correspondence with people. For example, including a sentence within an end of contract or renewal notice telling people that they may find a cheaper deal elsewhere.
What is direct marketing?
The DPA 2018 says direct marketing means:
“the communication (by whatever means) of advertising or marketing material which is directed to particular individuals”
This definition covers all types of advertising, marketing or promotional material. It includes commercial marketing (eg promotion of products and services) and also the promotion of aims and ideals (eg fundraising or campaigning). It covers any method of communication, such as:
- emails and text messages;
- phone calls;
- post;
- online behavioural advertising; and
- social media marketing.
To count as direct marketing, a communication must be “directed to” particular people. For example, personally addressed post, emails to a particular account or calls to a particular number.
This definition also applies to PECR, which cover sending electronic marketing messages (eg by phone, email or text message).
Why is it important to know if regulatory communication messages are direct marketing?
Knowing whether a regulatory communication is direct marketing means that you can take steps to comply with the appropriate rules.
This is important as there are additional things you need to consider if the message you want to send will count as direct marketing. You must:
- give people the absolute right to object to direct marketing; and
- ensure that electronic messages comply with the direct marketing provisions in PECR.
See the section What do we need to do if a regulatory communication is direct marketing? for more information.
Statutory regulators have people’s interests in mind when asking their sectors to send regulatory communication messages. However, it is important to remember that data protection and PECR rules may still apply to messages that are sent to:
- meet a regulatory objective;
- comply with a licence condition; or
- meet a wider public policy initiative.
We recognise the importance of complying with your statutory regulator’s requirements. But while your statutory regulator may require you to convey a particular point to people, they don’t expect you to contravene other laws.
How do we decide if a regulatory communication message is direct marketing?
You should consider the context and the content (ie phrasing and tone) of the regulatory communication, including how you intend to deliver the message to people. This is likely to determine if it is direct marketing.
The wider public policy objective of the regulatory communication, or the fact that it is your statutory regulator asking you to communicate something, doesn’t impact whether a message counts as direct marketing.
If your message actively promotes an initiative, it is likely to be direct marketing. For example by highlighting the benefits and encouraging people to participate or take a particular course of action.
However, if your message is in a neutral tone and doesn’t contain any active promotion or encouragement for people to take a particular action, it is unlikely to count as direct marketing. For example, factually presenting people with their options once a fixed term contract with you ends.
The context will also help you decide. For example, it is unlikely to be direct marketing if, as well as a neutral tone, the information you need to give people is:
- solely for their benefit; and
- against your interests and your only motivation is to comply with a regulatory requirement (eg the regulator is requiring you to tell people to consider using your competitors’ services, or tell them that the contract or service they have with you isn’t good value).
You should take into account the particular circumstances and consider the specifics of the message rather than taking a blanket approach. For example, it is important to remember that adding a regulatory communication message into the content of a routine service communication (eg billing information) doesn’t automatically avoid it being direct marketing. If your routine communication has marketing elements, then it is direct marketing. This is true even if that isn’t the main purpose of the communication.
We have produced some examples to help you decide if the way you intend to comply with a regulatory communication is likely to count as direct marketing.
Does our choice of lawful basis affect whether the message is direct marketing?
No. Your choice of lawful basis doesn’t determine whether your regulatory communication message is direct marketing.
In some instances, the requirements set by a statutory regulator might be classified as a legal obligation. If you can demonstrate it is necessary to use people’s information in a specific way to comply with that requirement, you may be able to use the legal obligation lawful basis.
However, relying on the legal obligation basis doesn’t exempt you from PECR’s marketing provisions, if these are applicable. PECR has very limited exemptions and, in any case, it is important to remember that the regimes are separate.
Likewise, people always have the absolute data protection right to object to you using their information for direct marketing purposes. You must comply with it, no matter the lawful basis.
When are regulatory communication messages unlikely to be direct marketing?
Not all regulatory communication messages count as direct marketing.
In many cases, the context and content (ie the phrasing and tone) of a regulatory communication message may mean it is unlikely to count as direct marketing. For example, those that simply:
- give advance warning of changes to terms, conditions or tariffs;
- explain about statutory complaint or compensation schemes;
- warn about fraud and how to report it;
- remind people of how to get in touch if they are struggling with payments; or
- provide offers of support for those customers most at risk of harm.
These types of messages are similar to ‘service messages’. Service messages are messages you send to people for purely administrative or customer service purposes and don’t contain promotions or advertising. For example, messages about:
- billing and charges;
- safety issues and service interruptions; or
- updates on how their investment is performing or to make people aware of how you’re investing their money.
In some cases, the way you deliver the message may mean it is not direct marketing. This is because it doesn’t count as being “directed to” particular people. For example:
- Displaying the regulatory communication message on your website (eg showing the same message to everyone that visits your site or to everyone that logs into their online account).
- During inbound calls (eg everyone who calls your helpline hears a recorded message outlining the regulatory communication, or your operative tells the person about it during the conversation).
- Posting the regulatory communication message on your social media account (eg broadcasting it to all your followers or all users of the platform).
- Using television, radio or streaming services to get the regulatory communication message across (eg broadcasting the message to all viewers, listeners or subscribers to the service).
- Using features or adverts in magazines and newspapers to tell people about the regulatory communication.
Remember that data protection law still applies if you are using people’s information even if a regulatory communication message is not direct marketing, including:
- fairness;
- lawfulness;
- transparency; and
- the general right to object (if your lawful basis is legitimate interests).
For example, when you collect contact details from people, you must clearly tell them about the type of messages they can expect to receive from you.
What do we need to do if a regulatory communication message is direct marketing?
Data protection law and PECR don’t stop you from contacting people about the regulatory communication in a way that counts as direct marketing. But you must follow the rules.
The majority of the data protection rules apply when you use people’s information for any purpose, not just for direct marketing (eg fairness, lawfulness, transparency). The only difference here is that the right to object to direct marketing applies. Depending on your chosen direct marketing method, PECR may also apply.
For example, depending on the method of communication that you want to use, this means you must:
- check phone numbers against the Telephone Preference Service (TPS) and your own ‘do not call lists’ before making live direct marketing calls;
- have consent to make automated direct marketing calls;
- have consent or meet all the requirements of the ‘soft opt-in’ for electronic mail direct marketing (eg text messages or emails); and
- respect people’s wishes and don’t send direct marketing to anyone who objected, opted out or unsubscribed.
For more information on this, see the further reading box below.
It is unlikely that a ‘one size fits all’ approach to contacting people directly will be appropriate. You should consider what direct marketing permissions and preferences you have from people and tailor your contact by using appropriate methods of communication for each group.
Someone may have previously agreed to get your direct marketing (eg in situations where you were required to have consent for that particular method of sending messages). If so, a regulatory communication message that is direct marketing is likely to be compliant (assuming the original consent is valid and would cover that particular marketing).
Likewise, if someone has not opted-out of your direct marketing (eg as part of the electronic mail soft opt-in), you might be able to rely on this to send them regulatory communication messages that are direct marketing. You still need to check you are meeting any other PECR requirements.
Example
A company is told by its statutory regulator to encourage people to have a new optional product. The company considers how best to achieve this objective.
The company decides that sending messages directly to people to encourage them to have a new optional product is likely to be direct marketing, no matter how they phrase it. It notes that its customers’ marketing preferences vary.
The company takes into account PECR marketing rules and any objections to direct marketing that it has received. It tailors the methods of communicating the message to customers according to their preferences. For example, it checks against the TPS for live calls and ensures it either has consent or can meet the soft opt-in for emails.
Having checked it is compliant with PECR to do so, the company sends emails and makes calls to encourage people to have the optional product. It decides to initially send one message per person, where it is compliant to do so. It will then follow this up with a further communication two months later to remind customers of the offer.
It also decides to use methods that are not “directed to” particular people. For example, it places a recorded message about the optional product on its helpline and uses messages on its website that all visitors see.
What else do we need to consider?
You must consider necessity and proportionality when assessing how to deliver a regulatory communication message. This applies whether or not the message counts as direct marketing.
Your use of people’s information should be a targeted and proportionate way of achieving a specific purpose. If you can reasonably achieve the purpose by some other less intrusive means, or by using less information about people, then you are unlikely to show necessity.
You should also consider if your chosen method of delivering the message and its frequency is necessary and proportionate. For example, although it may be necessary to send one email to someone outlining the regulatory communication, it may not be necessary or proportionate to send them multiple emails containing the same message. Likewise, it may not be proportionate to follow these emails with phone calls and text messages.
Frequency of a message can sometimes cause people stress and worry (especially for those most at risk of harm). Likewise, certain methods and timings can cause people concern. For example, making phone calls at anti-social hours or frequent redials of unanswered numbers. To be fair to people, you should take care when deciding which ways to use and how often you contact people about a particular regulatory communication.
Examples
The following hypothetical examples show two contrasting step-by-step approaches to a regulatory communication message. They will help you decide if the way you intend to comply with a regulatory communication is likely to count as direct marketing.
Please note that these examples are for illustration purposes only and may not be the only way to comply. You may find that you can phrase or tailor a regulatory communication message in a different way which doesn’t count as direct marketing and satisfies your statutory regulator’s requirements. Likewise, the content of these examples is not intended to override wording that your statutory regulator may require you to use in a regulatory communication message.
Example 1
A statutory regulator tells its sector to increase people’s awareness about what happens when they reach the end of their fixed contract and what their options are. This includes telling people what deals a new customer can access. The statutory regulator explains the type of things the message should cover but not exactly how to present it.
| Not direct marketing |
Organisation A decides to approach the regulatory communication by sending the following message to its customers:
“Your contract with us will end on 31 March. Your payments will continue at your current rate of £40 per month.
You have a number of options available to you. You could:
- continue to pay £40 per month;
- take out a new contract with us;
- cancel your service with us; or
- move to another provider.
To help you decide please see the following information:
Your current service
You currently pay £40 per month for your service.
Please note that you will continue to pay this price after 31 March unless you take out a new contract or cancel.
Your new contract
If you want to stay with us, we can offer you a new contract for the same level of service at £38 per month.
If you were a new customer you would be charged £35 per month for the same level of service (please note, this is not available to you as an existing customer).
If you want to take out a new contract with us or cancel your service, please go to our website or call 0123456789.
Remember: you may find a cheaper service by shopping around and using another provider.”
|
| Direct marketing |
Organisation B decides to approach the regulatory communication by sending the following message to its customers:
“Your contract with us will end on 31 March. Your payments will continue at your current rate of £40 per month.
**But there is great news that as a valued customer you qualify for our special contract deal**
Your current service
You have been enjoying our great service for £40 per month. You will continue to pay this price after 31 March unless you take out a new contract or cancel.
Your SPECIAL OFFER price
As a valued customer we can offer you a new contact at £38 per month for the same coverage. That’s right - you can SAVE money whilst still keeping the same award-winning service.
If you were a new customer you would be charged £35 per month for the same level of service (please note, this is not available to you as an existing customer).
**Don’t delay and call now on 0123456789 or go to our website to secure your special offer price**
Remember: you may find a cheaper service by shopping around and using another provider.”
|
Why?
Organisation A chose to factually present the regulatory communication in a neutral and informative way, without encouragement or promotion. This means the message doesn’t count as direct marketing.
Organisation B chose to use the communication to promote and encourage people to take out a new contract. Therefore this message is direct marketing.
Example 2
A statutory regulator tells its sector to inform people in advance if there will be a rate change and what their options are. The statutory regulator doesn’t say how to communicate this to people.
| Not direct marketing |
Organisation C decides to approach the regulatory communication by sending the following message to its customers:
“We are reducing the rate paid on your account. This takes effect from 1 January.
Your new rates are shown below:
| Current rate |
New rate |
| 1.0 |
0.5 |
Your options
You should think about what you’d like to do. Your options are:
- Keep your account
If you want to keep your account, you don’t need to do anything.
- Move to another account with us
If you’d like to think about moving to another of our accounts, please see our current range at organisationC.com/accounts.
- Close your account or withdraw your money
We don’t want to lose you, but you can close your account at any time.”
|
| Direct marketing |
Organisation D decides to approach the regulatory communication by sending the following message to its customers:
“We are reducing the rate paid on your account. This takes effect from 1 January.
Your new rates are shown below:
| Current rate |
New rate |
| 1.0 |
0.5 |
Your options
You should think about what you’d like to do. Your options are:
- Keep your account
We still have the best rate around which means even though the rate has reduced you are still getting a great return. Also, this means you will continue to receive our great service and member benefits. If you want to keep your account, you don’t need to do anything.
- Move to another account with us
We have other fabulous accounts with lots of special rates, exclusive deals and benefits for loyal customers like you. But some of these are time limited, so don’t miss out on a great new account. See organisationD.com/accounts for our exciting range.
- Close your account or withdraw your money
We’re sure you’ll want to continue to benefit from having an account with us, but if you don’t you can close your account at any time.”
|
Why?
Organisation C chose to factually present the options to customers in a neutral and informative way, without encouragement or promotion. This means the message doesn’t count as direct marketing.
Organisation D chose to use the communication to encourage customers to stay with it and promote its accounts. Therefore this message is direct marketing.
Example 3
A statutory regulator asks their sector to remind people that their contributions affect the size of their investment at the end of the term.
| Not direct marketing |
Organisation G decides to comply with the regulatory communication by sending the following message to customers (tailored to each person’s specific circumstances):
“Your contributions affect the amount of money you will get at the end of your investment.
The amount you pay into your investment is a factor in the amount of return you receive. Your investment is currently xx a month.
Please see the following illustrations which shows the projected return on your investment if you increased your payments:
- Your current payment of xx a month = xxx projected return
- Increasing your payments by 5% to a payment of xx a month = xxx projected return
- Increasing your payments by 15% to a payment of xx a month = xxx projected return
If you are interested in increasing your monthly payments, please visit our website at organisationG.com/investments for more information on how to do this. Here you will also find further advice and investment calculators. Or, call our helpline where one of our advisors will be happy to assist you.”
|
| Direct marketing |
Organisation H decides to comply with the regulatory communication by sending the following message to customers (tailored to each person’s specific circumstances):
“Great news, increasing your contributions may help you get a better return on your investment”
The amount you pay into your investment is a factor in the amount of return you receive. Your investment is currently xx a month.
Please see the following illustrations which show the projected return on your investment if you increased your payments:
- Your current payment of xx a month = xxx projected return
- However, the good news is that by simply increasing your payments by 5% to a payment of xx a month you can have great results, meaning a xxx projected return.
- But if you can put in more, the benefits are even better. Increasing your payments by 15% to a payment of xx a month = xxx projected return
As you can see increasing your payments is a wise decision so you can get the best return on your investment. Visit our website at organisationH.com/investments or call our helpline to increase your monthly payments today. Don’t forget to check out our other exclusive products and investment calculators on our website.”
|
Why?
Organisation G chose to present the reminder factually in a neutral and informative way that lets customers decide whether to increase their contributions. This message doesn’t count as direct marketing.
Organisation H chose to use the reminder to actively promote and encourage customers to increase their contributions. Therefore this message is direct marketing.
Example 4
A statutory regulator tells its sector to regularly remind people of measures they can take to be more environmentally friendly.
| Not direct marketing |
Organisation X decides to comply with the regulatory communication by adding a message into the billing information that it sends to customers. It adds the following message at the end of the billing information:
"Our website contains advice and tips on how you can be more environmentally friendly. Go to organisationX.com/environment for more information."
|
| Direct marketing |
Organisation Y decides to comply with the regulatory communication by adding a message into the billing information that it sends to customers. It adds the following message at the end of the billing information:
"We are constantly working to be more environmentally friendly and we are passionate about helping you to help the environment too. This is why we have a great new area of our website that contains fabulous hints and tips to help you become more environmentally friendly, and useful discounted green products you can buy. Go to organsationY.com/environment for more information."
|
Why?
Organisation X chose to use a neutral tone to tell customers that its website contains information on being environmentally friendly. The addition of this message onto the billing information doesn’t count as direct marketing.
Organisation Y chose to actively promote itself in the message. Therefore the addition of this message to the billing information is direct marketing.
Example 5
A statutory regulator tells its sector to remind people who are currently out of their initial deal what their options are. The statutory regulator tells its sector at what intervals to send the reminders but not exactly how to present them.
| Not direct marketing |
Organisation J decides to approach the regulatory communication by sending the following message to its customers (tailored to each person’s specific circumstances):
“Your initial deal ended six months ago and you were automatically moved to our standard tariff.
This means your payments increased to £XXX per month as the rate on our standard tariff is currently X%.
The rate you pay on our standard tariff is higher than you would pay if you took out a deal with us.
If you would like to take another deal with us, some of the options we can currently* offer you are:
- a 2 year deal at X% for which you would pay £XXX per month
- a 3 year deal at X% for which you would pay £XXX per month
For more information on the products that we have available and apply for a new deal, please go to our website or call 0123456789.”
*Products can be withdrawn.
|
| Direct marketing |
Organisation K decides to approach the regulatory communication by sending the following message to its customers (tailored to each person’s specific circumstances):
“**Help yourself to a great new product**
Your initial deal ended six months ago and you were automatically moved to our standard tariff.
This means your payments increased from £XXX per month as the rate on our standard tariff is currently X%.
The rate you pay on our standard tariff is higher than you would pay if you took out a new deal with us.
We have very special deals at the moment that we can offer you*. These are:
- our five star best buy 2 year deal at X% for which you would pay £XXX per month
- a great value 3 year deal at X% per month for which you would pay £XXX per month
These award winning offers won’t be around for long. To apply for a new deal, please go to our website or call 0123456789.
*Products can be withdrawn.
|
Why?
Organisation J chose to factually present the regulatory communication in a neutral and informative way, without encouragement or promotion. This means the message doesn’t count as direct marketing.
Organisation K chose to use a promotional tone within the communication. Therefore this message is direct marketing.