Digital marketing : Laws pertaining to e-marketing

database marketing, emarketing

In this article we will review relevant legislation, useful academic qualifications as well as useful software pertaining to e-marketing, more specifically in the field of database and email.

Whether you are a Database marketing consultant, office administrator or even a CCTV operator, dealing with other people’s data requires compliance with various regulations. As the worlds largest economic bloc, the EU can serve as a class example, albeit that the USA, Canada, China and other jurisdictions have their own data protection laws. We will now use the UK as an example, because it is an English speaking country where it is relatively easy to access relevant legislation in order to form a case study.

The legislation relevant to the UK:

EU digital directive 2003 – It is essential that the sender of an email disclose it’s address as well as an option for the recipient to opt out of future correspondence.

EU cookie law – Any websites storing user data known as cookies, even if it is in order to improve a future user experience, must provide the user with the option to opt out. This is important to be communicated via a pop up immediately upon the user’s first visit.

Consumer and contract law: (Not relevant to database marketing, however this will be discussed below)

Data protection act 1998 – The 8 principles of data protection is outlined here:

Principle 1:

Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless

(a) at least one of the conditions in Schedule 2 is met, and

(b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.

Example: Often companies in London would refuse to send data by fax, or copy it from a memory stick in order to work with it. This, they argue, is because it may contain personal data which is sensitive.


Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.

Example: If the stated purpose of collecting someone’s data was to conduct a credit check, we cannot take the same data and sell it to third parties, or manipulate the data in order to render it useful for other marketing purposes – unless off course express permission was given.

Principle 3:

Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.

Example: A company request that a GP confirm a recent health check which was mandatory for an employee, however upon disclosure, the GP’s assistant hands over a 15 year medical history which shows earlier symptoms of depression that the patient experienced 10 years ago. Clearly the data provided was excessive.

Principle 4:

Personal data shall be accurate and, where necessary, kept up to date.

Example: People often move house, change jobs etc. and it is the responsibility of the data controller to keep such information up to date or make reasonable efforts to do so.


Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

Example: In some cases, data has to be removed after 40 days, for example CCTV recordings. In the case of database marketing, the purpose defines that it is required for a longer period.


Personal data shall be processed in accordance with the rights of data subjects under this Act.

Example: The individuals have rights to privacy – if the data processor was to work on a PC which displays data to visitors, this would result in a breach of privacy, which off course could have been avoided with the right office layout or policies.


Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

Example: A company has no security software and their database is hacked. The data is then used by others for the purposes of credit card fraud. Or a data warehouse lacks physical security and someone gain access to data in order to download it. In both cases, the law has been breached.


Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

A company collected data from customers in the UK or France for example, then, another company from Thailand offers to buy the data for marketing purposes. If the data is sent outside of the UK to the foreign company, this resulted in a principle 8 breach.

Other laws:

Each jurisdiction have contract law. Besides the above regulations, a UK based company will also be subject to consumer and contract law, such as the unfair contract terms and conditions act (UCTA) 1977. There are also regulations prohibiting companies to post fake reviews online. The state of New York and Australia in particularly demonstrated strong leadership in this regard. When delivering in house training for US clients, we also deal with the CAN SPAM act, which is beyond the scope of this article.

Useful qualifications:

In Europe, the IDM (Institute of Digital and Direct marketing) offers a reasonable foundation and is a good choice. The CIM (Chartered institute of marketing) also offers training in this area. There is also the option of shorter courses such as Emarketeers or Econsultancy. Practitioners who are diligent in the area of self study may find the latter two options more useful and time efficient, however as with anything, taking a personal interest in the subject is key to differentiating yourself in the workplace.

Useful software for email and database marketing: 

For companies with a large volume, it would make sense to use their own servers with customized or open source software to drive the campaign. The alternative could be quite costly and currently MailChimp and Aweber are the two most commonly used hosted solutions.

Further reading:

Case studies such as TESCO in the UK or CLICKS pharmacies in South Africa can provide valuable insight. Alan Tapp’s book , “Principles of Direct and Database Marketing” will provide users with an in depth overview of the subject.


You may also like...