Data collection guidelines for UK B2C email data
Good quality prospect and customer data is the cornerstone of a successful email campaign.
However, there are many issues to be addressed to ensure that best practice is achieved in the collection and use of data for UK based recipients.
The following best practice guidelines are based on those provided by the DMA Email Marketing Council, to guide you through some of the key legislative issues that relate to data collection and permissions in B2C marketing. (NB, this information is intended to provide guidance only, and does not constitute professional advice.)
When collecting personal data which includes an email address, Data Users (ie the organisation making use of collected data for direct marketing purposes) must:
Furthermore, Data Users should consider sending a confirmation email after individuals have signed up to receive unsolicited commercial emails, that:
- only ask for information that is necessary for the purpose for which the data will be used;
- gain positive consent to send Unsolicited Commercial Email Messages (for example with the use of an ‘Opt-In’ tick box), unless the soft opt-in exception described below applies
- Clearly confirms what the person has signed up for and what data they have provided
- Gives them the chance to correct any incorrect data and says something like 'if you've signed up in error, do this (e.g. one click, easy to use) to cancel your registration and includes a telephone number to call (customer service line) if the subscriber has any concerns.
NB. The ‘harvesting’ of email addresses from websites, emails and other sources in the public domain without seeking individual consent is highly likely to involve contravention of the 1998 Act and the 2003 Regulations.
Soft Opt-In Exclusion (ie Opt-out)
The Soft Opt-In Exclusion can be used when all of the following conditions are met:
- Email address are collected in the course of negotiations for the sale of or the sale of a product or service.
Unsolicited Commercial Email Messages may be sent to "individual subscribers" without positive consent, who are prospects or customers of the Data User; and the email address has been gathered in the course of a sale or negotiations for the sale of a product or service to the prospect or customer. and...
- The consumer is told that the mail address would be used for marketing purposes and offered an unsubscribe/opt-out facility.
In this case, the Data User must have notified the individual at the point of data capture that they would like to send the individual emails marketing the Data User’s own ‘similar products or services’. and...
- The marketing relates to similar products or services to those of the organisation collecting the data. and...
- The identity of the sender is not disguised
Data Protection Notices
When collecting an email address (online or offline), a data protection notice must be prominently displayed which clearly identifies the Data User, including the full corporate name and postal address details (which must include the registered office of the Data User if it is a registered company and may also include a trading address).
It must also include the following, unless this information is provided elsewhere on the website: company registration number, country of company registration, Vat number and any membership of a trade/professional association.