What you need to know about new rules on using data in marketing

Nov 23rd '18

Earlier this month, the Committee of Advertising Practice (CAP), announced new rules on the use of data for marketing. What are these new rules, and how will they impact your marketing activity?


What is CAP?

CAP sets rules for advertising in the UK, which are policed and enforced by the Advertising Standards Authority.


Whether or not you’re governed by an industry body like the Financial Conduct Authority, if you advertise in the UK, you also need to abide by the CAP rules. You can read more about what this means in this blog on How to comply with the CAP code.


Why is CAP proposing changes on the use of data?

In its announcement, the Committee says that: ‘These changes are intended to ensure that its rules cover data protection issues most relevant to marketing, and that they align with the standards introduced by the General Data Protection Regulation (GDPR).


Previously, CAP’s regulation of data protection issues was carried out under two sets of rules: section 10 and Appendix 3.


Section 10 regulated the use of data for direct marketing generally. Appendix 3 focused on online advertising, and included rules on the transparency and control of data collected and used to deliver ads based on web-users’ browsing behaviour (sometimes known as ‘remarketing’).


What changes are planned?

CAP consulted on:


  • Proposals to remove section 10 rules relating to ‘pure data protection matters’. This is proposed on the basis that ‘these rules are unlikely to attract an expectation of regulation by the UK’s advertising regulator’
  • Proposals to amend marketing-related section 10 rules (and definitions) to ensure that they are aligned with the GDPR
  • A proposal to remove Appendix 3 (Online behavioural advertising (OBA)) of the CAP Code and to regulate OBA under an updated Section 10.


The new Section 10 rules are immediately effective, and will be subject to a review after 12 months.


In the first six months they are in force, the announcement says that ‘the ASA is likely to deal with matters informally, but reserves the right to tackle some cases formally where it believes…that a formal ruling is in the public’s and the sector’s interest’.


The Direct Marketing Commission, an independent industry watchdog, will be used by the ASA and CAP as a panel to advise on cases involving ‘legitimate interests’ and related matters.


You may remember from our blogs on the GDPR that ‘legitimate interest’ is one of the five lawful bases for processing data under the GDPR. Although in the run up to the GDPR’s introduction in May, there was a focus on using consent as a lawful basis for processing data, in practice, many firms have chosen to use legitimate interest as their basis.


What happens next?

CAP is going to carry out further consultation in two specific areas: marketing to children and publication of prize-winners’ names. This consultation will be published ‘imminently’ and will last for four weeks.


How to make sure you stay on the right side of data rules


1.  Familiarise yourself with the rules

CAP’s full regulatory statement can be read here, along with copies of the consultation responses and CAP’s evaluation of them.


2.  Get it right on record keeping

Compliant record-keeping underpins both the GDPR and many regulator-specific requirements. The FCA, for instance, has strict rules on the audit trails you need to establish for the approval, publication and archiving of your financial promotions.


3.  Take control of your data

How much oversight do you have of the way your firm’s data is used? In professional services in particular, Marketing teams may not be the only ones processing and using contact data – with consultants and advisers often in control of their own client and prospect communications.


If this is a risk to your marketing compliance, find out how to take back control of your marketing activity to reduce the risk of regulatory breaches.


4.  Make compliance with data rules an in-built element of your marketing

A sure-fire way to reduce the risk of data non-compliance is to embed a culture where best practice is inbuilt.


Best practice data management for all firms

Whether you work in a regulated industry or not, you need to comply with data protection rules. Meeting the new requirements – and any other rules – is far easier if you make a culture of compliance non-negotiable in your firm.


How can we help?

At LS Consultancy, we offer a complete solution with a range of cost effective, regulatory compliance and marketing products and solutions including copy advice that are uniquely suited to supporting firms.


Explore our full range today.