What is anti-spam law?
Anti-spam law restricts the sending of unsolicited emails (spam) to individuals. The restrictions on spamming individual subscribers apply not just to consumers, but also sole traders and partnerships because they are still individuals, despite the fact they run a business, and even if your email is within their business capacity.
Although, it is still possible for unsolicited emails to be sent to corporate subscribers or a business if the emails are relevant to their work, this distinction between individual and corporate subscribers is not straightforward to apply in practice. In many cases it will not be clear to a marketing company whether an SMS or email address belongs to an individual or corporate subscriber or whether individual contact details have been obtained as a result of negotiating the sale of ‘similar goods and services’.
Some businesses might from time to time subcontract their e-marketing campaign out to other companies, but the Information Commissioner will proceed against you first if the rules of anti-spam law are breached, as you or your business will be the ‘instigator’ of the direct email marketing communication.
What are the implications of GDPR on anti-spam law?
The anti-spam law is changing and will be further enhanced under a new set of rules called the General Data Protection Regulation (GDPR) which will be introduced in May 2018. These new rules will affect all UK businesses and email marketers who send emails to people within Europe. Businesses need to take steps to ensure compliance and adjustments to these new regulations to avoid hefty fines.
The current anti-spam law is enforced by the Information Commissioner and breaches of these Rules in the Privacy and Electronic Communications Regulations 2003 can result in a fine of up to £5000.
Under the new GDPR rules the potential fines can be in excess of 20 million euros, or 4% of the business’s gross annual international income. So, it is vitally important to comply to these new regulations in view of the penalties put in place.
Protecting Young People’s Inboxes.
GDPR will also take a stronger stance on protecting young persons emails, and how marketers approach them. Businesses will need parental consent, once GDPR is enforced in May 2018, to send email messages to consumers 13 years of age or younger. More transparency will be needed about the data that they are collecting from their email recipients. Transparency can be crucial in email security if there is an unfortunate data breach.
What you need to do to get your business ready for GDPR email marketing laws:
These new and stricter rules specify that you must:
1. Make sure you get clear and informed consent from the customer before sending email. You will need a prior consent when sending unsolicited marketing emails, texts and faxes to individual subscribers, unless (in the case of emails and texts) they are an existing customer of similar goods and services.
2. Not use a business or person’s email address without that consent. Businesses are no longer permitted to use harvested emails lists bought through marketing agencies.
3. Not use pre-checked boxes on forms to get consent. The specific consent given by the individual must involve some positive action. For example, if they have the option to tick the opt-in box or enter an email address in a field they are opting-in, these would be positive acts for this purpose, rather than a default pre-ticked box on your website or an email address taken from a business card received whilst networking.
4. Provide a valid address to which subscribers can ‘unsubscribe’ to further messages being sent.
Article provided by Max Tebbitts, Commercial Solicitor at Tebbitts & Co
https://www.tebbitts.co.uk/