The ICO has today fined a food company for relying on the "soft opt-in" for electronic marketing under PECR, without meeting the necessary conditions.
This should serve as a reminder to companies that relying on the soft opt-in should not be seen as an easy consent avoidance measure, but instead is a way of communicating fairly with existing customers in a way they would reasonably expect.
As a reminder, the 3 requirements are:
- You must have obtained the relevant contact details in the course of a sale (or negotiations for a sale) of a product or service to that person;
- You must only be marketing your own similar products or services; and
- You must have given the person a simple opportunity to refuse or opt out of the marketing, both when first collecting the details and in every message after that.
All three conditions need to be present for your organisation to rely on this exception - if any of the three parts are not met, you will need to obtain GDPR-compliant consent before sending the electronic marketing.
An organisation which is reliant upon regulation 22(3) of PECR to send marketing emails and SMS to its customers, must ensure the recipient has been given a simple means of refusing the use of his contact details for the purposes of such direct marketing at the time that the details were initially collected.