Ensuring your business gets it right
The ‘soft opt-in’ exemption for direct marketing consent will soon extend to charities, creating a huge opportunity for the sector. But how can both charities and commercial businesses use the soft opt-in to their advantage? And is there a need to tread carefully?
Alex Craig, partner and head of Muckle LLP’s commercial team, outlines how to use the soft opt-in, stay compliant and avoid hefty regulatory fines.
What is a soft opt-in?
The Information Commissioner’s Office (ICO) defines a soft opt-in as “when an organisation sends marketing emails or texts using customer data they gathered when that customer bought or expressed interest in their products or services”.
But it’s not as simple as it might sound. While it’s reasonable to assume that someone who has purchased from your online shop may be happy to hear from you again, strict conditions must always be followed when using the soft opt-in exemption.
How to stay compliant
The rules for the soft opt-in exemption under the Privacy and Electronic Communications Regulations (PECR) only apply to ‘individual subscribers’ for business-to-business (B2B) marketing, rather than an organisation that has subscribed to an email or text service.
To stay compliant when using the soft opt-in exemption, you must always check the following:
1. Customers must always be given the chance to opt out: The soft opt-in can only be used if they were given the chance to opt out of communications when their contact details were provided. Every marketing message thereafter should also provide a clear, free opportunity to opt out.
2. You can only contact your own customers: Soft opt-ins don’t apply to prospective customers or new contacts from bought-in lists; they must only be used to reach existing customers (anyone who enquires about a product or service with intent to buy).
3. It doesn’t apply to non-commercial promotions: The soft opt-in can only be used when you’re selling something or negotiating to sell something. When the new Data (Use and Access) Bill comes into force, charities will also be able to use the soft opt-in to support their charitable purposes where they have an existing relationship with an individual, for example where that individual has previously shown interest in, or offered to support, the charity.
4. The content must be relevant for the customer: Existing customers can be marketed to if the content is relevant to them. For example, if a customer bought a car from you and gave you their contact details, you’d only be able to promote things that relate to the car, for instance services or MOTs.
Avoiding serious fines
Disregarding the rules when dealing with soft opt-ins can have severe consequences.
Royal Mail was fined £20,000 for sending marketing emails to 215,202 individuals. The ICO stated that although the campaign was aimed at people who had previously bought stamps online, the individuals had explicitly opted out. Therefore, the soft opt-in exemption didn’t apply.
Another household name, Papa Johns, was fined £10,000 by the ICO for sending ‘nuisance marketing messages’ to consumers. Papa Johns claimed it used the soft opt-in exemption for consent, but had not met the requirements by targeting telephone customers (who had not been provided with the opportunity to opt out).
While these examples are of well-known companies, SMEs are subject to the same stringent rules and therefore at risk of serious financial consequences if hit with fines from the ICO.
Legal support with direct marketing
Whilst there are limitations on how it can be used, the soft opt-in creates a huge opportunity for charities, potentially leading to increased engagement with donors and supporters. For commercial businesses, the soft opt-in can help boost sales and connect with existing customers.
However, it’s key to proceed with caution. Currently, only commercial businesses can rely on the soft opt-in, but this is expected to change under the Data (Use and Access) Bill, which will extend the soft opt-in exemption to charities.
The Bill is also set to increase the maximum penalties for breaches under PECR from £500,000 to £17.5m or 4% of global annual turnover, bringing the enforcement regime in line with the UK GDPR. Therefore, it’s vital to seek legal advice to ensure your direct marketing is fully compliant, as you could be at risk of fines under both PECR and the UK GDPR.
For specialist legal advice on soft opt-ins or other areas of data protection, contact Alex Craig today on 01912117911 or email alex.craig@muckle-llp.com