Latest News | News

COVID-19, Direct Marketing & GDPR. What you need to know!

Please note: This information was accurate as of 19:00 on Thursday 2nd April 2020, however, will quickly become out of date. For the latest information and comprehensive advice, please contact one of Fletcher Day’s Corporate and Commercial lawyers.


With COVID-19 social distancing measures and the forced closure of business store fronts, many businesses are looking to reach potential clients and customers using digital and online marketing tools; not least e-mail and social media platforms such as LinkedIn, Twitter and Facebook. However, it is vitally important that businesses continue to be mindful of their obligations under the Data Protection Act 2018 and the General Data Protection Regulations (GDPR).


Faced with a prolonged period of uncertainty ahead, businesses of all shapes and sizes will be looking at all available options to market and promote their business. With the UK and many countries worldwide now in partial or full lockdown, digital and remote marketing strategies, utilising e-mails and social media platforms such as LinkedIn, Twitter and Facebook, will be the main focus for business advertising and the promotion of services and products.


No planned changes to legislation

Despite these challenging times faced by businesses, the UK Government has (as yet) made no suggestion of relaxing the legislation surrounding the processing of personal data for direct marketing. As such, for businesses based here in the UK (or in the European Union), it remains of vital importance that any processing of personal data for marketing purposes is conducted in accordance with the legislation currently in place.


So, what does this mean for your business?

Generally speaking, in order to hold and process someone’s personal data (e.g. a name or an e-mail address), businesses must either have that person’s consent, or an alternative legitimate interest in processing such personal data. This means that you should be giving due consideration before firing-off marketing e-mails, or e-mailing an update concerning your COVID-19 business plans, particularly if you are intending to e-mail all known contacts of the business (whether held on a marketing database or otherwise).


A breach of the GDPR could be costly!

Why could this be a problem? It’s simple; if your business is found to be in breach of the GDPR, you may be liable to a fine of up to €20 million or 4% of annual global turnover – whichever is greater. It goes without saying, then, that any marketing e-mails, circulars or otherwise should be considered in-line with the governing legislation before pulling the trigger.


We have a wealth of experience in advising businesses on the GDPR. To find out more about the obligations of your business in relation to direct marketing, or other aspects of GDPR, please contact Piers Larbey at 020 7870 3870, or David Gee at  020 7870 3879.


The contents of this article are intended for general information purposes only and shall not be deemed to be, or constitute legal advice. We cannot accept responsibility for any loss as a result of acts or omissions taken in respect of this article.