By Lisa Goldsmith, Consultant, Naomi Korn Associates

As the new GDPR (General Data Protection Regulation) law is upon us, professional membership bodies must, if they haven’t done so already, consider their marketing practices and ensure that they are compliant with both the GDPR and the EU e-Privacy Directive PECR (Privacy and Electronic Communication Regulations). The PECR sits alongside the GDPR and governs/promotes best practice for organisations sending electronic direct marketing communications (e.g. email, telephone, text, fax and other digital communication channels – e.g. websites using cookies etc). With this in mind, it’s important to ensure that current marketing practices are compliant with the GDPR and PECR. This post highlights some of the challenges faced by professional membership bodies and offers some helpful tips to boost your business to customer (B2C) marketing capabilities (e.g. to current and potential members) in a compliant way using email and telephone marketing and postal marketing to increase your reach.

Requirements of the GDPR/PECR:

A very brief outline of the legal requirements for direct marketing are:

Telephone marketing:

  • You can make live marketing calls (e.g. not automated) calls to individuals providing you:
    • Screen against the Telephone Preference Service (TPS). You can only call individuals who are registered on the TPS if you have their prior consent to call them
    • Exclude anyone who has told you they don’t want to receive calls
    • Ensure that your number is displayed to the caller
  • You can only make automated calls to individuals with their prior consent. In line with the GDPR, consent must be freely given, explicit, unambiguous and informed (i.e. the individual(s) know they’re signing up to automated calls)

Email marketing:

  • You can send email marketing messages to individuals if you have captured their prior consent (in line with the GDPR requirements for capturing consent) to do so
  • For existing customers purchasing commercial products only; you can send email marketing messages if you used the soft opt-in method when the individual purchased a product providing you have given them the option to opt-out at the time of purchase and with every communication thereafter

Postal marketing:

Many non-profits are looking to use postal marketing using ‘legitimate interest’ as their legal basis under the GDPR. It is acceptable for organisations to market to individuals by post providing:

  • Individuals can reasonably expect to be marketed to (e.g. sending a lapsed campaign inviting them to re-join)
  • You screen against the Mailing Preference Service (MPS)
  • The legitimate interest pursued by the organisation does not outweigh the rights and freedoms of the individual receiving the direct marketing
  • Individuals are given an opportunity to opt-out and those who have already opted-out are excluded from receiving those communications

It is advisable to read the full guide on the PECR and the GDPR on ICO website. When capturing consent, organisations must be able to demonstrate that GDPR compliant consent was captured and that sufficient measures are in place for individuals to withdraw consent.

 (c) Naomi Korn Associates, 2018, Some Rights Reserved. The text of this blog is available for reuse under a Creative Commons Share Alike Licence. The image is available under a CC Zero Licence