Following the implementation of the General Data Protection Regulation in May, firms must apply a stricter process when marketing to individuals, especially where explicit consent is necessary.
In some cases, it can be difficult to understand when to obtain this.
The law includes an absolute right for all individuals to object to the receipt of marketing material.
When is consent not required?
For most, this will be where your firm has an existing relationship with an individual and the contact arises during the general provision of your services. Some examples of this are:
- Issuing valuations
- Arranging reviews
- Sending newsletters (where these are included as part of an ongoing service).
There is separate privacy and electronic communications regulation that sits alongside the GDPR. This includes a soft opt-in, which means explicit consent is not required where all of these conditions are met:
- The client’s email address was provided during a previous sales process
- An opt-out option was provided
- The marketing is limited to goods and services relating to the purchases or client relationship
- An opt-out option is available in each and every communication.
What requires consent?
The best way to assess this is to consider whether or not an individual would reasonably expect to receive the communication you wish to send. If they would not, you are required to obtain explicit consent. Day to day examples of this would include:
- Financial promotions about a new service the firm is offering
- Information relating to a new product that is available
- Newsletters (where these are not included within an ongoing service).
What is required for explicit consent?
Where explicit consent is required, there are certain minimum requirements that firms need to meet:
- Obtain positive opt-ins
- Inform individuals they can withdraw their consent at any time, and how to withdraw it
Remember that any consent obtained should be prominent and separate to any other terms and conditions the client may also accept. Ensuring appropriate procedures are in place will help your firm meet its obligations under the new rules.
Tony Lewis is head of compliance and technical helpdesk at Threesixty