The dilemma of buying leads to attract customers.
Should you buy leads from third parties or attract customers directly through your website?
Mr Jones, a business owner, needed to use a marketing strategy to attract customers to his products on the Amazon and eBay websites. He thought about purchasing leads in order to use these in his email autoresponder. He needed this in addition to directing his social media followers to the website without breaching the ICO regulations.
Taking care during unsolicited calls
Regulation 22 (Privacy and Electronic Communications Regulations (PECR)) does not allow unsolicited calls in direct marketing campaigns to attract leads for business.
Some companies sell on personal data to third parties. If you buy this data from a third party, you should check whether the personal data has been collected legally. Is data you collected in breach of the GDPR or the ICO regulations. A person who has consented to supply personal information to another needs to do so via a voluntary opt-in process. So check boxes on your website that allow people to opt out from subscribing to your organisations are illegal. They cannot be part of your data collection or email subscriber list building methods.
Should you buy leads from third parties? If you do purchase personal data from third parties, you need to check that the data that you have bought has been collected legally. Otherwise, you may be in breach of the ICO’s Data Protection Laws. Also, the Telephone Preference Service (TPS) is a register of individuals who have specifically requested not receive unsolicited calls. You can subscribe to this service for a fee if you intend to use direct marketing and avoid contacting those on the TPS register.
Are you storing and processing data carefully?
You need to carefully store and process your customers’ personal data, manage the data collection and requests for information. You also need documented evidence that you have or are doing this. Clients can make a complaint to the ICO if their personal data has been misused by you, or your Data Processing Officer. They can also complain if you have not supplied to them information about their personal data stored by you. You also need to demonstrate within your policies how you manage the access rights of a person. Such rights include the access to their data, rights to erase their personal data and rights to rectify their personal data.
You, as the business owner / Data Protection Officer could be sued for negligence under the data protection laws. For example, you failed to take reasonable care and due diligence to verify data that you have bought for marketing purposes. Reasonable care would be to ensure that you collect, process and store data that is legally compliant. You are deemed as ought to know the risks of lack of compliance with Data Protection Law as business owner.
Before you start working with third parties on your marketing campaigns, it is best to ensure that you have relevant legal contracts that include risk assessments, safeguarding children and vulnerable adults, and security checks with organisations, such as the TPS, to ensure that you are GDPR compliant. Should you buy leads from third parties? Consult before you start.