The British data protection agency launches public consultation on direct marketing code of practice


The British data protection agency, the Information Commissioner’s Office (ICO), has launched a public consultation on a draft direct marketing code of practice in fulfilment of its obligation under the British Data Protection Act. The code intends to support corporate compliance with the Data Protection Regulation in connection with direct marketing activities towards private individuals.

The code offers practical guidelines to achieve compliance with previous direct marketing guidance issued by the ICO, and addresses many of the issues already dealt with in the existing guidelines. However, the code also offers some new additions, including a due diligence checklist to assist with compliance when buying data from third parties.

Further, the code explains at what point the duty to conduct a data protection impact assessment (DPIA) is triggered in connection with profiling for marketing purposes. According to the ICO, a DPIA under Article 35 of the GDPR should always be conducted in any major marketing project, even if there is no specific indication of a high risk to the rights of the data subjects. 


Kromann Reumert’s assistance

Kromann Reumert has a breadth of experience advising enterprises on marketing issues, including data protection in a marketing context. 

We routinely stay updated on developments ‒ in marketing as well as data protection law ‒ and can therefore help you and your business remain compliant in your marketing activities.

Read the code of practice