Get a quote
Start a Demo Now

Call UK Office+44 203 006 2292

Call Irish Office+ 353 1 475 9299

New Legislation

The release of new legislation regarding data protection within the “Electronic Communication Sector”, is the perfect time to review what data your organisation holds and how you are managing the process and storage of it within your organisation.

Who has issued the legislation?

The Data Protection Commissioner enforces the data protection aspects of the Regulations and the Commission for the Communications Regulation (ComReg), is responsible for ensuring compliance with some technical and practical elements of implementing the Regulations.

Why is this important?

The Commission has the power to prosecute those who commit offences (that’s fines of up to €5,000 – per message in the case of unsolicited marketing), so it’s important to stay within the law – not only that, but if your organisation stays within the law it will prove beneficial to your organisation in terms of marketing.

Who does the legislation apply to?

If you are reading this, there is a fair chance that it applies to you. In short, the regulation applies to organisations that use electronic methods (telephone, email, via a website etc), to communicate with previous or target customers.

 So, what’s the skinny?

Data security is a hot topic at the moment, especially with the latest security breaches, including the Epsilon security failure, possibly the largest name and email address breach in history of the internet. On March 30th, there was “an incident” where by a number of Epsilon clients’ customer data were exposed by an unauthorised entry into their email system, (handling more than 40 billion email annually and over 2,200 global brands, that’s quite “an incident”).

Keep the data safe and secure

This includes protecting the data from accidental or unlawful destruction, accidental loss or alteration and unauthorised access, processing or disclosure.  Ensure that the data can only be accessed by authorised personnel for legally authorised purposes.  Any breach in security must be reported to the Office of the Data Protection Commissioner.  Make sure that it is accurate, relevant and not excessive – only ask for what you need.

When holding information on a contact, it must not be excessive – only ask for what you need.  If you go on to contact the person, remember that the rules are more restrictive in the case of marketing by electronic mail of individuals who are not customers. In our 2011 Digital Marketing Survey, we found that 49% of customers would regard an unsolicited email with irrelevant content to be SPAM.

Remember that the sender of an e-mail or SMS must include the name of the organisation / sender and a valid address at which they can be contacted. This is a legal requirement and must be included in every communication.

As a minimum, an individual must be given a right to refuse such use of their personal data both at the time the data is collected (an “opt-out”) and, in the case of direct marketing by electronic means, on every subsequent marketing message.  The “opt-out” right must be free of charge.  Don’t try to trick your customers – make the unsubscribe link easy to find.

If an individual is not a customer, electronic mail may not be used to send a marketing message to their contact address unless the prior opt-in consent of that individual has been obtained to the receipt of such messages – a consent that can be withdrawn at any time.

 What if they are your customers?

In instances where the data has been collected at a point of sale, it may only be used for direct marketing via email if the following conditions are met:

  • The product or service is of a kind similar to that which was sold to the customer at the time their contact details were obtained.
  • When these details were collected, the customer was given the opportunity to object at that time, in an easy manner and without charge, to their use for marketing purposes.
  • The customer must be given the right to unsubscribe to further messages, in each email.
  • The details were collected within the previous 12 months or the subscriber has received a marketing electronic mail within the previous 12 months to which they did not unsubscribe using the cost free means provided to them by the direct marketer

The “opt – in” consent expires after twelve months, so be sure to keep in regular contact with your database.



commercial creative customer data database datamanagement dataprotection digital digitalmarketing email email marketing emailmarketing flickr imagery images legal lists media mediacontact newmedia notosh Ranking sales Search SEO social media subscriber survey