Data Compliance

Are you complying with the law?

Direct marketing is a powerful way of creating new business, promoting your products and services, and generating leads. Data compliance is often overlooked, but it is a legal necessity for any business using personal or company data for direct marketing.

The following is a list of legal requirements and recommended best practice procedures that companies should follow when directly contacting prospects or compiling a list of contacts.

Fax Preference Service (FPS) – legal requirement

This service allows companies to register their fax numbers free of charge on a central database indicating that they do not wish to receive advertising by fax. Legally, all companies carrying out fax campaigns must sweep their data against the FPS register before they perform a campaign.

Telephone Preference Service (TPS) and Corporate Telephone Preference Service (CTPS) – legal requirements

These two services provide companies with a centralised list of individuals and companies who do not wish to receive telesales calls. Legally, all companies carrying out telesales campaigns must sweep their data against these registers.

Mailing Preference Service (MPS) – good practice

Abiding by the MPS is not a legal requirement, but in line with good practice it is recommended that companies maintain a list of companies who do not wish to receive correspondence and suppress contacts from this mailing list.

Email marketing

There is currently no Email Preference Service run by the DMA in the UK. However, the Privacy and Electronic Communications (EC Directive) Regulations 2003 means that it is now
illegal to send spam email. The following rules apply to all marketing messages by email:

1. The sender must not conceal their identity
2. The sender must provide a valid unsubscribe/opt-out
If it is a corporate recipient, prior consent is not required, but companies cannot send unsolicited emails to individual subscribers unless all three following rules are applied:
1. The email address was collected during negotiations or sales process
2. The message relates to similar products and services
3. The recipient was given the option to opt out

Copyright law

Databases are protected under the Copyright, Designs and Patents Act 1988 and the European Union 1996 Directive No. 96/9/EC. You cannot collect and use data without the owner’s permission or outside the terms of the owner’s legal conditions of use.

For example, collecting information from directories or the internet, such as Yellow Pages/Yell.com for sales/marketing purposes constitutes an infringement of copyright and could result in prosecution and heavy fines. Ignorance is no excuse – using a contact list supplied by a new salesperson, for example, means you could still be prosecuted if you are not aware that the data was protected by copyright.

Data Protection Act

The Data Protection Act relates to the processing of personal information held on a database. It does not relate to companies, although as some businesses are sole traders or partnerships the Data Protection Act may relate to them if the business information is the same as the personal information.

Data Controller

If a company holds data and manages a database that includes personal data, it must be a registered Data Controller with the Information Commissioner’s Office. It is important that your database provider is a registered Data Controller and this can be checked by the ICO.

By submitting your details you confirm that you agree to the storing and processing of your personal data by Data Direct as described in the privacy statement.