Main Content


Winter 2017: Legal update

Most business owners will be familiar with the benefits of storing and utilising the details of their existing customers for marketing purposes. However, many new businesses, and perhaps those existing businesses which are expanding their marketing efforts, may not be familiar with the laws which govern storing and using customer data.

In order for any business to conduct direct electronic marketing it is first necessary to compile the details of the existing customers. This is governed by the Data Protection Act 1998 (“the DPA”). In a nutshell, the DPA requires a business to have a registered ‘Data Controller’ before that business can lawfully process any personal data about a customer. It is without doubt that any form of customer marketing database would fall within the scope of the DPA as the details collected would be stored in a system which makes individuals identifiable.

To ensure their compliance with the DPA, some practical points which business owners need to consider are: ensuring a Data Controller is appointed, registered and trained; only collating necessary information; keeping the information secure; ensuring the information is kept up-to-date; and responding to requests from customers to access the information.

It is extremely important that business owners make sure their business is complying with the DPA. Failure to comply with the DPA can not only lead to civil enforcement, including penalty fines, but also, in some cases, criminal sanctions.

In addition to the strict rules regarding storage of customer information, a business may wish to utilise the data by sending unsolicited marketing emails for promotional purposes. Here too, strict rules surround the use of such communication. Regulations 22 and 23 of the Privacy and Electronic Communications (EC Directive) Regulations 2003 (“PECR”) apply.

Regulation 22 of PECR restricts the sending of any unsolicited marketing material, unless the customer has opted-in by agreeing that such material can be sent to them. It is worthwhile noting that this does not just apply to email, but also to text, photo and video messages sent to a person’s mobile device. It is crucial that business owners ensure they implement a facility which enables the customer to ‘opt-in’ to such marketing material. It is possible for the customer to indirectly consent by way of a “soft” opt-in, but this should be approached with caution, as it applies only to the promotion of similar goods/services which they initially contracted with the business to receive.

Even where a customer ‘opts-in’, business owners must ensure that their business name and contact details are provided clearly in the electronic communication. This is to ensure that the customer has the opportunity to request they are removed from the mailing list by ‘unsubscribing’.

For further advice please contact Darrell Stuart-Smith, a Partner in our commercial team at our Dorchester office on 01305 251007.

Free legal advice for DBA members

If you have a legal issue that needs addressing, no matter what the query, a call to the DBA’s legal service provided by Humphries Kirk LLP, is an advisable first port of call to save you valuable time and money.

Click here for the DBA Legal Helpline.

Image credits: © Jossdim |


We use cookies to help improve our website. By continuing to use this website, you agree to our use of cookies.