Compliant Email Marketing

December 6, 2015

Over the years, marketing campaigns have evolved from the simple, en masse postal delivery to the more audience-specific electronic system. Regardless of how your organisation chooses to distribute its marketing campaign, you must ensure that your email marketing campaign complies with the regulations—the majority of which are enforced by the Information Commissioner’s Office (ICO).

As the owner or manager of an organisation, you are obligated to adhere to several regulations, the two most important being The Data Protection Act 1998 (DPA) and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR).

The DPA is composed of eight principles that outline how personal information about members of the community—ethnicity, political affiliation, religious beliefs, sexual orientation, etc.—is to be accessed and shared. The PECR explicitly states that it is unlawful to send direct marketing to individuals who have not specifically granted permission. If your organisation fails to comply with these or any other related regulations, you could face fines as well as criminal charges. Establishing the proper framework for your campaign can help your organisation remain compliant.

Marketing Campaign Framework

A strong, well-written email marketing and/or text message campaign is structured around clearly explaining these three principal components:


An effective strategy to incorporate these principles and stay compliant is through the use of opt-in and opt-out clauses. These clauses are typically integrated into your initial message—prompting recipients to either opt in (agree to receive emails/texts from your organisation as well as consent to the use of their personal information) by checking the appropriate box or opt out (unsubscribe) by leaving the box empty. Alternatively, your message can have all options already checked (e.g. recipients agree to receive emails/texts from your organisation as well as consent to the use of their personal information) and they can opt out by unchecking the options they do not want. Every marketing email you send must give the recipient the ability to opt out of receiving further emails.

After your organisation has finished developing its marketing campaign and formatting the opt-in and opt-out clauses, you need to verify that your campaign will not target individuals who have asked to not receive marketing emails or texts. To confirm that your marketing campaign participant list is compliant, use the Email Preference Service:

The Importance of Consent in Marketing

Before your organisation launches its email marketing campaign, it is critical that you review whether you have the target audience’s consent. For electronic marketing campaigns, the ICO defines consent by four distinct criteria:


However, there are two exceptions to these guidelines: implied consent and indirect (third-party) consent. Implied consent means that, while consent for marketing campaigns does not always need to be explicit, it must involve the individual freely providing his or her agreement to the use of his or her information. Indirect consent refers to any organisation using a bought-in marketing list. If your organisation chooses to use a bought-in marketing list, review the provided information to verify that you are legally authorised to contact the individuals named in the list.

In most cases, indirect consent does not provide enough authorisation to send email marketing messages. Only if the individual had provided consent to a specific category of organisations or companies can indirect consent be considered enough.

As a liability measure, once your organisation has obtained consent, you may want to record the date on which it was received, the method by which it was obtained, who collected the consent and the specific information to which the individual consented. Detailed documentation of your marketing list participants mitigates your organisation’s risk of breaching compliance.

The Penalties of Noncompliance

When your organisation is preparing to launch an email marketing campaign, you need to ensure that you have received the proper consent. There is no substitute for receiving the proper consent. The following work-around strategies will only result in noncompliance:


If your organisation is found to have violated any part of the legal framework that protects individuals’ privacy rights, you could face stiff fines, loss of public credibility and even criminal charges.

Managing Email Marketing Compliance

To ensure that your organisation remains compliant throughout its email marketing campaign, rely on these three risk management strategies:


Resist the Urge to Spam: Staying Compliant

Maintaining compliance during an email marketing campaign is simple—obtain clear consent. Through careful preparation and review, your organisation has the potential to mitigate possible risks and run a successful campaign.
