2. Housekeeping
• Welcome
• Lawpoint - Tracey and team
• Consents !!!
• All about e-mail marketing
• Slides will be available on www.law-point.co.uk next week
- website code: Wx3!r7F
- will announce on twitter – follow us @_Lawpoint
• Questions – at end / coffee after Tracey/ Alison
3. Contents
PART 1 – Who are the players and what’s happening
PART 2 – Bigger legal picture
PART 3 – GDPRs
PART 4 – Those pesky PECKERS !!!
PART 5 – Consent
PART 6 – E-mail marketing models
PART 7 – DMC Client perspective
PART 8 – Summary
4. Who are the players and
what’s happening?
PART 1
8. Bigger Picture – 2 laws – GDPRs
and Pesky Peckers
GDPR
• About personal data to send the
email to the relevant audience
(contact database)
• Legal roles- processor/ controller
• Audience = data subject – any
individual
• DM permissible !!! But ,,,, pecrs
• If consent is required under PECRS
then GDPR rules on consent apply.
PECRS
• Not about personal data
• The act of sending direct marketing
comms
• Distinguishes between individuals/
corporate subscribers [ watch this
space!]
• Consent required from ind to send
the email
10. GDPRs (1) - Contact database
• It’s all about personal data and GDPR legal grounds (later!!) for using
personal data to market
• Personal data and emails: names and emails [other] re: recipients
• No ownership in personal data
• Separate intellectual property rights (e.g database rights)
• Emails –personal data?
- traceyoconnell@Hotmail.co.uk - yes
- barbar@busties.wanadoo.co.uk – if can be matched to tracey by some-
one else/ anyone else [ who would go through list to find all of these non
identifiable ones and ensure no database to link to name]
• Roles – DC/ DP
12. GDPRs (3) - labels
Data Controller Data Processor Data Subject
the natural or legal person, public
authority, agency or other body
which, alone or jointly with others,
determines the purposes and
means of the processing of
personal data;
Decides what data is being
collected and why it is being
collected
a natural or legal person, public
authority, agency or other body
which processes personal data on
behalf of the controller
Does what the controller tells it to
do with the data
‘personal data’ means any
information relating to an
identified or identifiable natural
person (‘data subject’)
Individual which data relates to
13. GDPRs (4) Model 1 with data protection labels
CLIENT DMC RECIPENTContact
database
DC DP DS
14. GDPRs (5) – legal grounds – data controller
But………..remember
those pesky Peckers ….
Relevant legal grounds for using personal data for direct marketing
Consent Legitimate Interest
Legal grounds
6 legal grounds Must choose one of them
16. Those pesky Peckers (1)…..
• The Privacy and Electronic Communications Regulations 2003
• Deal with Direct marketing/ Cookies and other stuff!
• Why are they pesky?
- they apply in addition to the GDPR – say when consent is needed
- they are about to change - grrrrrr!!!!
17. PECRs (2) Consent – relationship with GDPRS
PECRS
Say WHEN consent is needed
when you are direct marketing
Current law:
GDPRS
Say WHAT the standard of consent
is.
There is a legal definition:
any freely given, specific, informed and unambiguous
indication of the data subject’s wishes by which he or she,
by a statement or by a clear affirmative action, signifies
agreement to the processing of personal data relating to
him or her” GDPR Article 4 (definitions)
Individual Opt in Cannot send unless they
say you can
Corporate
Subscriber
Opt out Can send unless they say
you can’t.
Law does not use opt
in /opt out, but ICO
does
18. PECRs (3) Consent – When is it needed to send marketing emails?– current law
Consumer/unincorporated partnership/ sole trader
barbar@busties@btinternet.com
tracey@law-point.co.uk (if not limited)
Corporate subscriber
tracey@law-point.co.uk (if limited)
Opt in
Opt Out
Soft opt –in
(obtained contact details of the recipient in the course of)
• For providing goods and services
• Negotiation for sale
Doesn’t apply to individuals
PECRS are silent BUT ICO guidance says opt-out
19. PECRs (4) – When is consent needed to send
marketing emails?– new law
Consumer/unincorporated partnership/ sole trader
barbar@busties@btinternet.com
tracey@law-point.co.uk (if not limited)
Corporate subscriber
tracey@law-point.co.uk (if limited)
Opt in
Opt Out
Soft opt –in (obtained contact details of the recipient in the course of)
• For providing goods and services
• Negotiation for sale
Doesn’t apply to individuals
PECRS are silent BUT ICO guidance says opt-out
21. Consents – what does “opt-in”
mean?
Please tick here to receive marketing emails from DMC about DCM’s services [ ]
Please tick here to receive marketing emails from DMC about DCM’s services [ ]
If you don’t want to receive marketing emails from DMC about DCM’s services
please tick here [ ]
If you don’t want to receive marketing emails from DMC about DCM’s services
please tick here [ ]
32. The DMC client perspective
• Client awareness varies - sometimes mis-informed (an opportunity?) :
generally an increased awareness of
- Consent risk
- Liability
- Buying third party lists
• More focus on contracts
• GDPR legal position will depend on “what’s happening”
• What are you doing:
- lead generation
- campaign management
34. Summary
Don’t let go of the until all the pieces are in place!
If you know who’s doing what and what’s happening you’ll be in a better position to
manage clients expectations, the contracting process and the risks associated with
your e-mail marketing model.
35.
36. Law point services
• Contract/ terms and conditions drafting, reviewing and negotiation
• Training – on-site/ off- site
• Outsourced in-house lawyer
• Outsourced DPO
• Data protection advice and policies
• Risk management
Digital Law Scrum ….. and Bacon !!!!
www.law-point.co.uk