In general, in the EU and UK there are two main laws that govern the processing of personal data for marketing purposes – the GDPR and the ePrivacy Directive.
The GDPR applies to most electronic marketing activities, as these will involve some use of personal data (eg. name, email address). However, specific rules on electronic marketing are found in Directive 2002/58/EC (the ePrivacy Directive) including circumstances in which consent must be obtained. The ePrivacy Directive takes precedence over GDPR when it comes to direct marketing, meaning that if consent is required under the ePrivacy Directive and the company has not got the necessary consent, they cannot process this data for direct marketing purposes.
In general, the ePrivacy Directive always requires consent to process personal data for electronic marketing purposes. However there is an exception, commonly called “the soft opt-in”, when consent is not required to send electronic marketing to existing customers provided the following conditions are met:
- The company collected the personal data directly from the customer in the course of a sale
- The product or service that will be marketed to the customer is the company’s own product or service
- The product or service that will be marketed to the customer is similar to the product/service the customer bought
- The customer was given a clear and easy way to refuse or opt-out of electronic marketing when their personal data was collected
- And finally the customer is given a clear and easy way to refuse or opt-out of electronic marketing in each following communication (e.g. unsubscribe link in an email)
Dataships optimizes your marketing consent collection by using the above soft opt-in approach when all of the above conditions are met