GDPR Or Getting Data Protection Ready

By Sue White, Head of Information Law Services

If you work in marketing or help to sell or promote products and services, you will know there are strict rules on how organisations may use electronic and traditional communication channels. The law may be clear but applying it in practice can still be complex.

When marketing electronically to individuals, organisations must comply with the Privacy and Electronic Communications Regulations (PECR). As with any use of personal data, they must also consider their obligations under the UK GDPR. On top of this, the Data (Use and Access) Act 2025 introduced the ability for charities to use the ‘soft opt-in’, with strict conditions, and the ICO recently issued guidance on this.

Rules for marketing to individuals also cover telephone and postal marketing. Each channel has its own rules, exceptions, and risks if you get it wrong.

For example:

Electronic marketing: usually requires clear, informed consent before you send promotional messages to individuals’ personal email addresses. In some cases, the ‘soft opt-in’ may apply, but only if strict conditions are met. The rules are different for business email addresses/.

Telephone marketing requires you to check numbers against the TPS and CTPS registers, as well as your own suppression lists, and to stop calling if someone objects.

Postal marketing is more flexible, but you must still respect individuals’ rights and make sure personal data is accurate and used fairly.

So how can organisations navigate these laws, make the most of their marketing databases, and avoid unlawful practices? How can businesses balance between being so cautious that they underuse marketing opportunities because the rules seem complex, against ignoring marketing laws and facing complaints from dissatisfied customers, who may report them to the ICO and/or take their business elsewhere, damaging brand, relationships, and trust.

Organisations must understand these rules when marketing their products and services. If you want to learn more about sending marketing communications lawfully, whether you are a charity or a commercial organisation, book a place on our next Lawful Digital Marketing and Consent course, taking place online on 7 July 2026 from 9:30am to 1pm, or contact us at info@naomikorn.com for more information.