How long can you rely on Consent or Legitimate Interest? | DMA
DMA - Data and Marketing Association

Filter By

Show All
X
Start Contributing
My Contributions
X
X

Connect to

X

How long can you rely on Consent or Legitimate Interest?

16 Sep 2020

T-timescale.jpg

When the GDPR was first published, the legislation made it clear that consent did not last forever. One of the most frequently asked questions remains, ‘how long does consent last?’

This type of principals-based legislation is new to many marketers and it has created a lot of uncertainty. The DMA’s Legal and Compliance teams continue to receive questions from members who want more specific timescales, so the DMA’s Responsible Marketing Committee produced the advice detailed below.

Following a recent investigation and subsequent adjudication from the Data and Marketing Commission (DMC), this guidance hasbeen updated so that it covers both Consent and Legitimate Interests – both described as marketing permission.

The Information Commissioner’s Office (ICO) also included a section about this in its guidance: ‘What is valid consent?’

How long does consent last?

"The GDPR does not set a specific time limit for consent. Consent is likely to degrade over time, but how long it lasts will depend on the context. You need to consider the scope of the original consent and the individual’s expectations."

It is important to remember that these timescales are not set in stone. As highlighted by the ICO’s comment above, context, scope and the consumer’s expectations are all factors to consider.

I’m sure it would be possible to come up with an example of a particular product or service that might benefit from a different timescale, but it would be wrong to do this without considering the impact on the consumer. Ideally there needs to be documented justification of your companies justification for the timescales you use, in order to meet the requirements of the GDPR’s Accountability Principal.

The DMA advises its members to adhere to these minimum standards on the lifetime of marketing permission:

For third-party data: telephone, email, SMS; the maximum time that permission can remain valid is six months after initial collection or any other positive contact (as defined below).

For third-party postal marketing: the maximum time any permission can remain valid is 24 months after initial collection or any other positive contact.

For all first-party data: telephone, email, SMS and post; the maximum time that permission can remain valid is 24 months after initial collection or any other positive contact.

The timeframes begin after the initial collection date or when further positive contact with the customer is made.

Definitions:

Initial collection

This is defined as the moment an organisation obtains permission from someone to process their personal data for direct marketing purposes. The organisation must maintain a record of the permission and an audit trail for evidence.

A positive contact

You must have proof that someone is continuing to engage with your organisation after they have given their permission.

For example, they have bought recommended products from an organisation, or clicked through from a marketing email to browse a website. These instances demonstrate an ongoing relationship between an individual and the organisation.

The data controller cannot rely on the absence of an action by the data subject as an indication of permission. There must be a dialogue, defined as a two-way communication via any channel, in which both parties exchange ideas, questions and answers.

DMA Members can get practical advice on this and any other issue related to data and marketing by emailing our Legal team: legaladvice@dma.org.uk

DMA Membership will provide your business with fantastic benefits, including advocacy, legal and compliance support, best practice guidance, research, insight and events.

Plus, with access to an online learning platform containing a range of qualification and bitesize learning modules, you’ll gain a cost-effective and simple way to keep your team upskilled.

Find out how DMA Membership will help your business thrive here.

John Mitchison John Mitchison

Director of Policy and Compliance

Hear more from the DMA

Please login to comment.

Comments

Related Articles

How to market effectively and sustainably

When thinking about sustainable marketing, often we think about the channels we use, or materials we use in a physical sense. We overlook things like the audience targeting, data cleanse & optimisation, which have a big impact on minimising wastage.

1714037684255.png

The Power of Customer Journey Analytics in Telecommunications

The telecom industry boasts an array of touchpoints, presenting both opportunities and challenges for marketers. Ensuring that campaigns not only resonate but also yield results is critical.

iStock-1473164518-modified-f4e3c11c-cd81-417a-a5bf-adaf217da044.jpg

Managing Customer Data Silos in Telecommunications

The telecommunications sector grapples with a pressing issue: customer data silos.

iStock-1180187740 600x400.jpg

The Importance of Data Quality and Data Confidence in Customer Experience

We live in the information age, where customer insight expands with every click, swipe, and interaction.

iStock-1363814424 600x400.jpg

Expand

Copyright DMA 2024 © All Rights Reserved