Q&As

Do I have to refresh marketing email consent obtained by a pre-ticked box on our website?

read titleRead full title
Published on LexisPSL on 11/04/2018

The following Risk & Compliance Q&A provides comprehensive and up to date legal information covering:

  • Do I have to refresh marketing email consent obtained by a pre-ticked box on our website?
  • Lawful ground for processing under the GDPR
  • Compliance with PECR 2003
  • Where does this leave you?

Do I have to refresh marketing email consent obtained by a pre-ticked box on our website?

This Q&A considers the question of whether a commercial organisation needs to refresh marketing email consent obtained by a pre-ticked box on its website prior to the General Data Protection Regulation (GDPR). It takes account of the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR 2003) together with relevant guidance from the Information Commissioner’s Office. There is a separate Q&A for law firms.

Please see Practice Note: Processing personal data—direct marketing—Email, messaging and text marketing.

This explains that, to engage in email marketing, you will need:

  1. a lawful ground for processing under the EU General Data Protection Regulation (GDPR), and

  2. to comply with the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR 2003), SI 2003/2426

See also Flowchart: Direct marketing decision tree—email and other electronic marketing—data protection, which walks you through the decision making process in relation to email direct marketing, including whether you need consent. This flowchart takes account of the GDPR and PECR 2003.

Lawful ground for processing under the GDPR

Your two realistic lawful grounds for direct marketing processing under the GDPR are consent and legitimate interests.

The GDPR has raised the

Related documents:

Popular documents