The information on this page was current at the time it was published. Regulations, trends, statistics, and other information are constantly changing. While we strive to update our Knowledge Base, we strongly suggest you use these pages as a general guide and be sure to verify any regulations, statistics, guidelines, or other information that are important to your efforts.


January 31st, 2020 Update: On March 29, 2017, UK Prime Minister Theresa May triggered Article 50, which formally started the process whereby the UK would leave the European Union. The original plan was for the UK to leave the EU on March 29th, 2019 but on October 28th, 2019, the EU agreed to push the extension deadline to January 31, 2020. 

The council agreed to conclude the withdrawal, and it  took effect at midnight on January 31st, 2020. After this date, the UK is no  longer an EU member state. This will obviously shift how business is done in the UK. We will keep updating this page to reflect these changes. 

Learn more about Brexit here. 


How-To Marketing For The UK


In the How-To Marketing for the UK sections, we provide you with guidance for how to take your product or service into the UK. Successful go-to-market strategies in each new country require an understanding of the market, setting realistic and measurable goals, and understanding what the opportunities are to reach target customers, and we give you resources and examples for what has worked and what hasn’t. Below are marketing regulations that apply when you are marketing in the UK. 


Marketing Regulations in the UK


But before you start your marketing efforts, what regulations apply to marketing in the UK?

If you are looking to market your product or service in the United Kingdom, you need to be aware of and familiar with several different laws and regulations, and how they work together to form a comprehensive marketing legal regime. If your marketing involves the processing of personal data, i.e., it is directed to a specific individual, you must comply with the Data Protection Act (DPA). If you plan to market or advertise through electronic means, you must comply with the Privacy and Electronic Communications Regulations of 2003 (PECR). The PECR also govern the use of cookies, telephone directories, traffic data, location data, and security breaches.

It is important to note, different types of marketing, e.g., phone, text, email, etc., have different regulations and requirements, so you should know and understand the differences for each type of direct marketing method you choose to use. The table below provides a very high level overview of the basic requirements for each direct marketing method.

For a more in depth explanation of the regulations applicable to each method, see the specific section below.


Data Protection Act

If you know the name of the individual you are sending direct marketing materials to, you must comply with the DPA. The DPA lays out your obligations in relation to the processing of personal data, which applies to processing for marketing purposes. It also gives an individual the right to prevent his or her personal data from being used for direct marketing purposes. In the context of marketing, the most relevant principles are as follows:

  • The first principle: You must process personal data fairly and lawfully. In particular, you need to tell individuals concerned who you are and how you intend to use their personal data for marketing purposes. If you plan to share their personal data, you must let them know your intent and you will likely need their consent. You must not do anything with an individual’s personal data that he would not reasonably expect or that could cause him unjustified harm.

  • The second principle: You must only collect data for the purpose you specified, you cannot later change that purpose to another purpose that would be incompatible. E.g., you cannot use personal data for marketing purposes if you originally collected the data for market research.

  • The fourth principle: You must ensure the data is accurate, and when necessary, up to date. A marketing list that is not up to date or does not accurately record an individual’s preference, could be a breach of the DPA.

Section 11 of the DPA gives individuals the right to prevent their personal data from being processed for direct marketing purposes. That means, an individual can, at any time, give you written notice to stop (or not begin) using his personal data for direct marketing purposes. Although it is considered best practice, you are not required to acknowledge the written request, but you must stop the marketing material from further delivery within a reasonable time.

If you are targeting online advertisements at individual users, the DPA might apply. For example: if you display personalised advertisements based on browsing history, purchase history, or log-in information, the DPA will likely apply. If however, you display non-targeted marketing (i.e., the marketing is the same for all users) or contextual marketing (i.e., the marketing is targeted to the content of the page rather than the identity or characteristics of specific users), your marketing is not likely subject to the DPA.

Enforcement of the DPA is the responsibility of the Information Commissioner’s Office (ICO). The ICO has many enforcement mechanisms available, including auditing, giving advice, and in serious breaches, monetary fines of up to £500,000.


Privacy and Electronic Communications (EC Directive) Regulations 

The Privacy and Electronic Communications (EC Directive) Regulations were created to complement the existing data protection regime and set out more specific privacy rights on electronic communications. The PECR are broader than the DPA, in that they apply even if your organisation does not process personal data for marketing purposes, i.e., you do not know the name of the person you are contacting. PECR applies if you:

  • market by phone, text, email, or fax;

  • use cookies or a similar technology on your website; or

  • compile a telephone (or similar public) directory.

The table above provides a very high level overview of the basic requirements for each direct marketing method. For a more in depth explanation of the rules applicable to each method, see the specific section in Direct Marketing.


What are the important terms to understand?

Electronic Communications—Although it is not defined in the PECR, electronic communications generally means any information sent between particular parties through a phone line or internet connection. This includes:

  • phone calls

  • text messages

  • video messages

  • faxes

  • emails

  • internet messages

Electronic communications does not include generally available information, such as the content of websites or broadcast programming.

Consent—In the context of the PECR, consent must be knowingly given, clear, and specific. It must be given to your particular company and to the manner in which you intend to market, i.e., email, phone call (live or automated), text, or fax.


The clearest way to obtain consent is to allow the receiver to click an “opt-in” box. You must always provide the receiver with the opportunity to withdraw consent, or “opt out.” An unticked “opt-in” box is more clear than a pre-ticked “opt-in” box or an “opt-out” box.



Opt-in Example

Check if you would like to receive information about our products and any special offers:

by mail  /  by email  /  by telephone  /  by recorded call  /  by text message


Opt-out Example

“By submitting this registration/enquiry form, you indicate your consent to receiving email marketing messages from us. If you do not want to receive such messages, check here."


Can I use marketing lists? 

You are allowed to use bought-in marketing lists and you can create your own marketing lists, however, you are still required to comply with all marketing regulations, which can be particularly tricky when using bought-in lists.


Bought-in marketing lists

You can use bought-in marketing lists when making live phone calls, but you must screen the list against the TPS and, when applicable, your own “do not call” list. For B2B fax marketing you must screen the bought-in marketing list against the FPS and your own “do not fax” list. Bought-in marketing lists are impractical for recorded call, text, and email marketing, which all require the individual to have given specific consent to receive the particular type of marketing from you. You must also satisfy yourself that any list you use is accurate and the data was collected fairly and that the consent is specific and recent enough to rely on.


Compiling your own marketing lists

Using the details of people who previously bought goods or services from you or who have registered through your website or made an enquiry is a great way to compile a marketing list. However, you cannot assume that because someone provided his contact details, he is happy to receiving marketing from you. You should make it clear upfront that you intend to use his details for marketing purposes. The easiest way to get clear consent is to use opt-in boxes for each type of marketing message you intend to send, e.g., text, email, phone. To ensure you are compiling an accurate and up to date list, record when, how, and what type of marketing consent you received. It is also important to note whether it is an individual or a company, as different rules apply to each. If you do not know whether it is an individual or a company, assume it is an individual and comply with the more strict rules.


Sharing marketing lists

If you intend to share your marketing lists with another company or group within your parent company, you must have each individual’s specific consent to do so. You cannot show consent by simply providing the notice in a hard to find, difficult to understand, and rarely read privacy policy.


Responding to objections or opt-ins

As soon as someone objects to or opts-out of your marketing messages, you should add him to your “do not contact” list. You can send an immediate reply confirming his unsubscribed status, but you may not contact him in the future even to ask if he would like to opt-in again. When someone objects or opts-out, you should not delete his information altogether, instead you should add him to your “do not contact” list, to ensure he will not be contacted in the future by mistake. This is particularly important if you buy new leads or marketing lists, as his details may be on a new list.

The Information Commissioner’s Office (ICO) is charged with the enforcement of the PECR. The ICO has the authority to impose monetary fines of up to £500,000 for serious breaches, as well as audit and investigation measures.


Communications Act of 2003

Ofcom regulates the Communications Act of 2003, which aims to prevent the misuse of public electronic communications, and relevant to marketing, abandoned and silent calls. Ofcom has the power to impose fines of up to £2 million for persistent misuse.


The Consumer Protection From Unfair Trading Regulations of 2008

The Consumer Protection From Unfair Trading Regulations prohibit a number of unfair, misleading, or aggressive marketing practices. The Regulations are arranged into four main categories:

  1. A general ban on conduct that falls below the level expected toward consumers. These bans are intended to be “safety net” protections for consumers.

  2. A prohibition on misleading practices, e.g., false or deceptive messages or omitting important information.

  3. A prohibition on aggressive sales techniques that utilize harassment, coercion, or undue influence.  

  4. An outright ban of 31 specific practices.

Until April 2014, the Regulations were enforced by local trading offices and the Office of Fair Trade (OFT), the OFT was replaced by the Competition and Markets Authority (CMA). Non-compliance with the Regulations could result in extensive and expensive investigation, monetary penalties, loss of customer confidence and business, and in some cases criminal prosecution.


Code of Non-broadcast Advertising, Sales Promotion, and Direct Marketing

The Committee of Advertising Practice (CAP) is the self-regulatory body that creates, revises, and provides authoritative advice on compliance with the Code of Non-broadcast Advertising, Sales Promotion, and Direct Marketing, which all advertisers, agencies, and media must follow. The Code is enforced by the Advertising Standards Authority (ASA), who can remove or require the amendment of ads that breach the rules.


It is important to note that the Code of Non-broadcast Advertising, Sales Promotion, and Directing Marketing does not have the force of the law, it operates alongside the law, but courts may make rulings on matters covered in the Code. The ASA/CAP self-regulatory system is recognised by the Government, Trading Standards, and courts as one of the “established means” of consumer protection in non-broadcast marketing communications.


The Code covers the content of advertisements and includes specific rules on certain types of advertising, e.g., advertising to children, certain types of products, and distance selling.


Direct Marketing Code of Practice 

The Direct Marketing Association publishes the Direct Marketing Code of Practice, which is regulated by an independent Direct Marketing Commission. The Code sets the standards and best practices for direct marketing. Compliance is only mandatory for DMA members, but all organisations using direct marketing are encouraged to comply in order to ensure high standards and promote consumer confidence.


Data Protection Act

Privacy and Electronic Communications (EC Directive) Regulations

Communications Act of 2003

Committee of Advertising Practice


OfCom: Tackling abandoned and silent calls

Code of Non-broadcast Advertising, Sales Promotion, and Direct Marketing

Advertising Standards Authority

Direct Marketing Association

Direct Marketing Code of Practice

Direct Marketing Commission

Information Commissioner’s Office: Direct Marketing Checklist