From 6 April 2015, the Data Protection Act 1998 will be amended to remove the need to prove "substantial damage or substantial distress" before the ICO can take action in respect of unsolicited direct marketing communications, including calls (automated or live), faxes, texts and emails. The amendment will make it easier for the ICO to issue monetary penalty notices to organisations that flout the rules on unsolicited electronic direct marketing.
It will now become increasingly important for organisations to comply with the rules on direct marketing and keep their records of consent and suppression lists up-to-date as evidence, in case of a complaint or an ICO investigation.
The key data protection issues that a business should consider when carrying out direct marketing are:
- The penalties for failing to comply.
- The customer data that needs to be protected and secured.
- Storing of customer data for marketing purposes.
- Whether the marketing being sent by post or telephone is solicited or unsolicited.