Context
On 26th April 2006 the Council of Europe decided to launch a Data Protection Day to be celebrated each year on 28th January, the date on which the Council of Europe’s data protection convention, known as “Convention 108”, was opened for signature. To mark this day, CAP offers four top tips on the use of data for marketing.
Key points to note
Tips relate to:
- What counts as personal data?
When a customer’s name is matched up with their contact details (e.g. their postal address, e-mail address, phone number, or any other means of information that’s specific to the named individual) or an identifier such as an IP address or cookie, this is likely to count as their “personal data”.
- What you have to do when you collect personal data
Consumers need to be told information including the marketer’s contact details, the reason and legal basis for collecting the data, the identities of third parties who the data will be shared with, how long it will be stored, and consumers’ right to ask for it to be deleted.
- When do you need consent?
If personal data will be used to send marketing communications by electronic mail, the consumer needs to have given the marketer their explicit consent beforehand. “Electronic mail” includes text, voice and video messages sent by e-mail, SMS, or any other form of digital messaging. Direct messages on social media platforms or in apps, for example, are likely to count as electronic mail. Before such messages are sent, consumers need to have been asked to give consent to receive them, through a clear affirmative action such as a tick box.
- When consumers ask not to receive marketing communications
If a consumer makes this request for their data to be suppressed, marketers should accept this request and ensure they don’t send the data subject any further marketing communications. To ensure this, they should retain just enough data about those consumers to meet their obligations to suppress their data.
Next actions
None – for information and awareness.