Data Protection and Marketing
Unsolicited marketing by email, SMS and Fax is already subject to rules imposed by the Privacy of Electronic Communications Regulations 2003 (PECR). These dictate that we must have consent to send unsolicited marketing. Unsolicited means information not specifically requested, and marketing covers a broad scope of any activities promoting events or services we offer through to any promotion of our aims and ideals. This will include activities involving prospecting, outreach and promotion to potential students or visitors and alumni and fundraising communications.
Consent to receive these types of communications must meet the GDPR consent standard.
There are legal basis other than consent for postal and telephone marketing. More information can be found in the guidance below.
If you are collecting data for one purpose and intend to also use it for marketing activities, you should have a means for the individual to separately opt in to that at the point of data collection ensure you have this consent. You must keep a record of when it was obtained, for what purposes, and should someone withdraw their consent (or unsubscribe from those communications) you must have procedures in place to do this promptly.
If you carry out any marketing activities and would like more information on current Data Protection requirements, you will find the link below provides you with detailed relevant information.
If you are currently working with lists of contacts used for these marketing purposes and are unsure if you have the necessary recorded consents, or are unsure if those consents are up to date, please contact firstname.lastname@example.org
Information Commissioner's Office guide the PECR 2003
information Commissioner's Office guide to Direct Marketing