Skip to content

Marketing data lists – how to navigate the minefield

The purchasing of marketing lists has become such a common occurrence that few seem to stop and consider the consequences doing so might have on their business…

The world is changing and it’s not moving in the favour of marketers, I’m sorry to say (speaking as one myself I know the pain only too well!).

Individuals – whether in a personal or professional capacity – have rights that make buying data lists a bit of a minefield for us, to say the least. But I’m sure we can all agree that this is a good thing, even if it does make our jobs a little bit harder!

And don’t worry – it doesn’t mean that you can’t buy lists. It just means you have to be cautious and follow some pretty strict guidelines.

1 – Permission

As you should know already, you need permission to send people marketing communications. It makes sense and is understandable – after all, who likes sifting through endless emails from random company after random company in which you have absolutely zero interest?

Now the permission element arguably creates a bit of a grey area in itself: is it enough to buy a list from a 3rd party who says they have permission? In short, that’s up to you. Because the responsibility is absolutely on you, as the company reaching out to the people on the list. If the recipient reports you to the ICO, it’ll be your business that receives a hefty fine (and a damaged reputation). It’s probably not a risk worth taking…

You need to do your due diligence, but more than that, you actually need to be able to prove that you have permission to contact every one of the individuals within the database, or that you have a legitimate interest in contacting them. Some sales manager from a dodgy data company who promises the list you’re buying is compliant just won’t cut the mustard, I’m afraid.

Here’s a paraphrased check list from the ICO itself that summarises the key points to bear in mind:

– Check the origin and accuracy of bought-in lists

– Ensure you buy the data from a reputable company (such as Experian)

– Screen call lists against the TPS

– Ensure you have very specific consent to email or text contacts

– Use opt-in boxes (not opt-out) wherever possible and keep clear records of consent

– Ensure you have consent before sharing contact details with a third party

2 – Right to be informed

So, you’ve bought your data from a reputable company like Experian. You’ve done your due diligence. You are confident that your targeting was top notch and you are legitimately able to contact everyone in your shiny new database. Yay!

Now what?

Can you just fire off mailshots left right and centre? Bombard them with discounts and incentives and CTAs?

Whoa now. Easy tiger. You’re not home and dry yet.

There’s another important step before you can go wild (side note: it’s probably not wise to go too wild – we recommend sending a maximum of one newsletter per week to your database, or it might start to feel spammy).

Good ol’ GDPR basically says that everyone has a right to be informed about what data is held about them.

So, you now have 30 days to send a message advising your contacts that you have their data. You need to tell them the below privacy information (and stick to it – if any of the privacy information changes you need to notify them accordingly):

– What data you have

– Why you have it / how you’ll use it

– How long you’ll keep it

– Who (if anyone) it will be shared with

According to the ICO, the information you provide to people must be concise, transparent, intelligible, easily accessible, and it must use clear and plain language.

3 – Opting out

Look at you, happily (and legally) sending your new list of contacts handy tips, the odd promotion and lots of marketing information. Life is good. Everything is going swimmingly.

But wait.

Someone has clicked that dreaded button in the footer of one of your emails…

You know the one – the easy, accessible means of unsubscribing that you are obligated to provide everyone who receives your marketing updates (cough hint cough).

I know. It’s a tough pill to swallow that there are actually people out there who aren’t interested in your weekly mailshots.

As tempting as it might be to beg them to stay and hear you out, unfortunately GDPR dictates that they are absolutely within their rights to unsubscribe – and never receive marketing communications from you again.

Not only do you need to remove them from your mailing list, but you need to add them to a ‘do not contact list’. Yep – that’s right: you cannot send them another marketing email unless they re-subscribe.

Now it does depend on what software you use to send your mailshots, but it’s quite likely the platform will automatically handle the ‘do not contact’ list for you (although make sure you check this because it’s important. You could be in lots of trouble for contacting someone who has unsubscribed).

And just to clear the murky water here – you are still able to send them relevant transactional messages (order confirmations, requests to fill in a customer satisfaction survey etc.). You just can’t keep trying to sell to them or push them to purchase.

And there you have it. From one marketer to another, some helpful tips and advice that should make it easier for you to navigate the minefield of purchasing marketing lists.

If you have any further questions or would like to talk to us in more detail about any concerns you may have, we are always more than happy to help.

Just click here, fill in a contact form and we’ll be in touch

Ransomware - the biggest cyber threat?
British Airways to face fine of £183.39m for data breach under GDPR
Scroll To Top