What is direct marketing?

By David Hendry

What is direct marketing?

In the previous blog the Outsourced DPO considered the background to the PECR, how they interact with, compliment and “trump” the DPA and GDPR, and the general prohibition on unsolicited direct marketing via electronic communications systems and equipment.  In this blog the Outsourced DPO takes a look at what constitutes direct marketing.

“Direct marketing” is a term defined in the Data Protection Act 2018. The term is used in several places including the introductory text on page 1 of the Act itself!  In Section 122 the DPA defines “direct marketing” as, “the communication (by whatever means) of advertising or marketing material which is directed to particular individuals”.  The definition provides that the marketing materials have to be directed to particular individuals for marketing to be “direct” i.e. door drops, inserts in newspapers and the like are not currently considered as being directed to particular individuals although as progress towards the holy grail of marketing is made; the so-called segment of one; that may come under pressure.

Interestingly the DPA also states that good practice in direct marketing means practice that appears to the Information Commissioner to be desirable having regard to the interests of data subjects and others.  WOW!  That puts the ICO in a very powerful and responsible position as her opinion is elevated to be the gospel by statute.

The marketing aspects of direct marketing are also worth exploring.  Philip Kotler defines marketing as “meeting needs profitably” and refers to the American Marketing Association definition as, “the activity, set of institutions, and processes for creating, communicating, delivering, and exchanging offerings that have value for customers, clients, partners, and society at large.”

This definition correlates with that of ICO’s who’s existing and new draft Direct Marketing Code of Practice, reminding us that direct marketing “includes the promotion of aims and ideals as well as advertising goods or services.”  The new draft Code says that any method of communication which is directed to particular individuals could constitute direct marketing and highlights that “direct marketing purposes” include all processing activities that lead up to, enable or support the sending of direct marketing.  The new draft Code provides examples of direct marketing and includes:

  • a GP sending text messages to patients inviting them to healthy eating event;
  • a regulator sending out emails promoting its annual report launch;
  • a local authority sending out an e-newsletter update on the work they are doing; and
  • a government body sending personally addressed post promoting a health and safety campaign they are running.

So the UK DPA provides for this opinion to be a statutory interpretation applied to the law.  Ignore or deviate from the ICO’s Codes of practice regarding direct marketing at your peril!  The key message to take away is that “marketing” is defined broadly and the ICO’s interpretation is the one that counts.  Not the interpretation of your marketing colleagues, suppliers, or marketing agencies – the law upholds and elevates the opinion of the ICO to be the only one you should focus on.  “Marketing” includes advertising or promoting products, services, ideals, concepts, charitable aims, events, and other similar activities whether or not the data controller derives any financial gain from them.

The definition doesn’t seem to differentiate between consumers and individuals in their business or professional capacity, nor does it differentiate internal direct marketing promotions to colleagues and employees from external direct marketing to customers and prospects.

Ironically, informational notices promoting good data protection practices or IT security would seem to fall under the definition of marketing and so any mailshots of information promoting cyber security policy and the like sent directly to individuals would be caught by the definition of direct marketing.

In the next blog the Outsourced DPO will begin to explore how the PECR rules affect direct marketing by telephone and electronic message.

Contact Us

Send us a Message

    We would like to use your contact information to send you marketing and promotional materials and special offers by email from time to time. We may only send information to you in this way with your consent. Please indicate whether you consent to us contacting you in this way for those purposes. You may withdraw your consent at any time by clicking the unsubscribe link in our emails.

    We are always happy to make contact with you by either phone, email or a face to face meeting at our office or yours. We work standard UK office hours – every week day 0830 to 1730.


    We have been receiving complaints over the last few weeks from people who have received unsolicited direct marketing calls from a company called The Protection People.  We should like to point out that we are Data Protection People and have nothing to do with those calls.

    We have been advising those people who have contacted us that they should make a complaint to the Information Commissioner’s Office (ICO) using this link https://ico.org.uk/make-a-complaint/nuisance-calls-and-messages/spam-texts-and-nuisance-calls/.  It would be helpful to the ICO if you knew the number that called you, the date and time of the call and what the call seemed to be about.

    You might also want to register your phone number with the telephone preference service (TPS), a national suppression service which should cut down calls of this nature as it is not lawful to make unsolicited direct marketing calls to numbers registered on the TPS.  You can register your number here https://www.tpsonline.org.uk/register.

    We know that these kind of calls can be distressing and intrusive and you have our sympathy.  Please do not hesitate to contact us if you would like to discuss it with us otherwise we’d encourage you to report it to the ICO as notifying them of this kind of practice enables them to investigate and take enforcement action where necessary.  You can see the action that has been taken by the ICO here https://ico.org.uk/action-weve-taken/enforcement/.

    Data Protection People Limited – March 2021