The Data Protection Act 1998 ("DPA") applies to your handling of all personal data. In addition, if you plan to carry out electronic marketing, you also have to comply with the Privacy and Electronic Communications Regulations 2003 ("PEC Regulations"). Firstly, we need to know what "personal data" actually means. This is any information which identifies a living person (or could identify that person if combined with other data held by you). For our purposes, a marketing database giving the name and email of your contact at a customer or supplier will be "personal data".

However, a simple list of limited companies and their info@ email addresses would not be. Generally speaking, direct marketing works best when addressed to a named individual, so an effective direct email campaign will fall under the DPA rules. However, provided you keep your database secure, use it only for contacting the people on it about your services, correct any errors in it when they are brought to your attention, and do not pass it on to third parties* (particularly companies outside the EEA), you are unlikely to breach the DPA itself. *Please note it is permitted to use a specialist marketing company within the EEA to carry out your email campaign on your behalf provided you both comply with the DPA Nonetheless, you must always take care to ensure your campaign meets the requirements of the PEC Regulations.

The basic rule is that you are not permitted to carry out electronic direct marketing unless you received specific consent from the recipient ("opt-in"). This will be the case, for example, where a customer views your website and signs up to receive further information from you. In addition to an express opt-in, the Regulations also permit a so-called "soft opt-in". 

This occurs where (a) you have obtained the recipient's details from having previously sold them (or negotiated to sell them) a product or service; (b) your email marketing only relates to the same or similar products or services; and (c) they are given a simple opportunity to opt-out of receiving further information at the time you first collect their details and in all subsequent communications. Whenever you send out marketing emails, you must always identify your company and provide appropriate contact details such as postal or email address or Freephone number. And remember, if someone asks you not to send them emails, don't simply delete their details but flag them on your database as not to be used. A well-considered, personalised email campaign can be very effective; spamming someone who's told you not to, never is. 

Published - July 2009This article is provided for general information only. 

Please do not make any decision on the basis of this article alone without taking specific advice from us. stevensdrake will only be responsible for the advice we give which is specific to you.