The information on this page was current at the time it was published. Regulations, trends, statistics, and other information are constantly changing. While we strive to update our Knowledge Base, we strongly suggest you use these pages as a general guide and be sure to verify any regulations, statistics, guidelines, or other information that are important to your efforts.


Brexit Update:
Since the UK officially left the European Union on January 31, 2020, the relationship between the two has evolved and continues to be shaped by the ongoing implementation of the withdrawal agreement.

Key Dates:

  • January 31, 2020: UK officially left the EU and entered a transition period that ended on December 31, 2020.

  • December 31, 2020: The transition period ended, and the UK fully exited the EU single market and customs union.

  • January 1, 2021: The UK-EU Trade and Cooperation Agreement came into effect, outlining the post-Brexit relationship between the two entities.

  • 2023/2024 Current: The UK and EU are still navigating the ongoing implementation and potential revisions of their post-Brexit relationship.

It's crucial for businesses operating in either the UK or the EU to stay informed about the latest developments and adjust their operations accordingly.


How-To Marketing For The UK

In the How-To Marketing for the UK sections, we provide you with guidance for how to take your product or service into the UK. Successful go-to-market strategies in each new country require an understanding of the market, setting realistic and measurable goals, and understanding what the opportunities are to reach target customers, and we give you resources and examples for what has worked and what hasn’t. Below are marketing regulations that apply when you are marketing in the UK. 


Marketing Regulations in the UK

Navigating marketing regulations in the UK? Know your legal landscape! Several key frameworks apply, with overlapping considerations for data privacy and electronic marketing.

Data Protection:

  • UK GDPR: Supersedes the Data Protection Act (DPA) since 2023. Governs all personal data processing, not just marketing.

  • PECR: Remains relevant alongside UK GDPR for electronic marketing activities involving personal data (e.g., email, cookies).

Other considerations:

  • Consumer Protection from Unfair Trading Regulations (2008): Prohibits misleading advertising and unfair commercial practices.

  • Sector-specific regulations: May apply depending on your industry (e.g., financial services, gambling).

Tip: Consult the Information Commissioner's Office (ICO) for guidance on complying with these regulations.Remember, this is just a starting point. For in-depth guidance, always consult relevant legal professionals and regulatory bodies.


It is important to note, different types of marketing, e.g., phone, text, email, etc., have different regulations and requirements, so you should know and understand the differences for each type of direct marketing method you choose to use. 


Data Protection Act

Marketing and personal data in the UK: UK GDPR reigns supreme

The Data Protection Act (DPA) was superseded by the UK General Data Protection Regulation (UK GDPR) in 2023. This regulation governs all personal data processing, including for marketing purposes.

Key points for marketers:

  • Consent: Generally required for most marketing activities involving personal data.

  • Transparency: Be clear about how you collect and use data.

  • Individual rights: Respect individuals' rights to access, rectify, erase, and restrict processing of their data.

  • Lawful basis: Identify and document the lawful basis for processing personal data for marketing (e.g., consent, legitimate interests).

  • Data Security: Implement appropriate safeguards to protect personal data.

Specific principles relevant to marketing:

  • Fairness and Lawfulness: Tell individuals about your data collection and use for marketing, and obtain their consent where required.

  • Purpose Limitation: Collect data only for the specified purpose and use it only for that purpose.

  • Data Accuracy: Keep data accurate and up-to-date.

For detailed guidance: Consult the Information Commissioner's Office (ICO).

While Section 11 of the DPA is outdated, the UK General Data Protection Regulation (UK GDPR) still grants individuals the right to object to direct marketing at any time. This includes written notice or through readily available unsubscribe mechanisms. Responding to opt-outs promptly is crucial, regardless of acknowledgement.

Targeting ads based on user data like browsing history or login information falls under the UK GDPR, requiring transparency and consent for processing personal data. Non-targeted or contextual ads may not directly involve identifiable users and may not necessarily trigger GDPR obligations.

Compliance and enforcement: The Information Commissioner's Office (ICO) remains the regulatory body, enforcing the UK GDPR through audits, guidance, and potentially, fines up to £20 million.

Privacy and Electronic Communications (EC Directive) Regulations 

Privacy and Electronic Communications (PECR) in 2023: Navigate electronic marketing in the UK

The Privacy and Electronic Communications (EC Directive) Regulations (PECR) remain relevant in 2023, alongside the UK General Data Protection Regulation (UK GDPR). While broader than the UK GDPR, they focus specifically on privacy in electronic communications and marketing.

PECR applies to you if:

  • You market by phone, text, email, or fax.

  • You use cookies or similar technologies on your website.

  • You compile a telephone directory (or similar public directory).

Key considerations under PECR:

  • Consent: Generally required for most electronic marketing activities involving personal data. Opt-in mechanisms must be clear and accessible.

  • Transparency: Be clear about how you collect, use, and store communication data.

  • Privacy rights: Individuals have rights to access, rectify, and erase their communication data.

  • Security: Implement appropriate safeguards to protect communication data.


What are the important terms to understand?

Electronic Communications—Although it is not defined in the PECR, electronic communications generally means any information sent between particular parties through a phone line or internet connection. This includes:

  • phone calls

  • text messages

  • video messages

  • faxes

  • emails

  • internet messages

Electronic communications does not include generally available information, such as the content of websites or broadcast programming.


In the context of the PECR, consent must be knowingly given, clear, and specific. It must be given to your particular company and to the manner in which you intend to market, i.e., email, phone call (live or automated), text, or fax.


The clearest way to obtain consent is to allow the receiver to click an “opt-in” box. You must always provide the receiver with the opportunity to withdraw consent, or “opt out.” An unticked “opt-in” box is more clear than a pre-ticked “opt-in” box or an “opt-out” box.



Opt-in Example

Check if you would like to receive information about our products and any special offers:

by mail  /  by email  /  by telephone  /  by recorded call  /  by text message


Opt-out Example

“By submitting this registration/enquiry form, you indicate your consent to receiving email marketing messages from us. If you do not want to receive such messages, check here."


Can I use marketing lists? 

Navigating marketing lists in the UK: Compliance is key. Using marketing lists in the UK requires careful consideration of both the UK General Data Protection Regulation (UK GDPR) and the Privacy and Electronic Communications Regulations (PECR). These regulations ensure responsible marketing practices and individual privacy protection.

Bought-in marketing lists in the UK: Tread carefully for 2023 compliance

While using bought-in marketing lists has some use cases in the UK, navigating the legal landscape requires significant caution and compliance with both the UK General Data Protection Regulation (UK GDPR) and the Privacy and Electronic Communications Regulations (PECR).

Important considerations:

  • Limited use: Bought-in lists are generally impractical for recorded call, text, and email marketing due to strict consent requirements under UK GDPR and PECR. Individuals must have given specific consent for receiving the specific type of marketing you're using (e.g., email opt-in for email campaigns).

  • Consent limitations: Generic consent for any third party is insufficient. Purchased lists should ideally contain evidence of individuals' specific and recent consent for the exact marketing channel you'll be using.

  • Data accuracy and source: Scrutinize the list's data accuracy and source. Avoid lists obtained through unfair means or containing inaccurate information. This helps ensure compliance with both regulations.

  • Screening lists: For live phone calls, screen the list against the Telephone Preference Service (TPS) and your own "do not call" list. Similarly, for B2B fax marketing, use the Fax Preference Service (FPS) and your "do not fax" list.

  • Transparency and opt-out: Clearly disclose your data source and provide easy unsubscribe mechanisms for recipients.


Building your own marketing lists in the UK: Navigating consent under UK GDPR and PECR

Compiling your own marketing lists in the UK offers valuable reach to potential customers, but proper consent management under the UK General Data Protection Regulation (UK GDPR) and the Privacy and Electronic Communications Regulations (PECR) is crucial.

Key considerations:

  • Explicit consent: Always acquire clear and informed consent from individuals for adding them to your list and specifying the marketing channels used (e.g., email, phone). Generic consent covering any third party is insufficient.

  • Opt-in mechanisms: Make opting in to your marketing effortless for users. Use dedicated opt-in boxes for each channel you plan to use.

  • Transparency: Be upfront about your data collection and usage practices. Explain how you'll use their data for marketing purposes in a clear and concise privacy policy.

  • Data accuracy and records: Maintain accurate and up-to-date records of when, how, and what type of marketing consent you received for each individual.

  • Individual vs. Company: Differentiate between individuals and companies on your list. B2B marketing has different rules compared to B2C. If unsure, treat the entity as an individual and follow stricter individual consent requirements.

  • Avoid pre-ticked boxes: Opt-in boxes should be unchecked by default. Individuals must actively choose to opt-in.

  • Provide unsubscribe options: Clearly display unsubscribe mechanisms in every marketing message you send.

  • Consider double opt-in: This practice sends a confirmation email upon initial opt-in, adding an extra layer of consent verification.

Sharing marketing lists in the UK: Navigating consent under UK GDPR and PECR

Sharing marketing lists with other companies or groups requires careful consideration under the UK General Data Protection Regulation (UK GDPR) and the Privacy and Electronic Communications Regulations (PECR). Both regulations emphasize individual control over their personal data.

Key points to remember:

  • Explicit consent: You must obtain clear and informed consent from individuals before sharing their data with any third party, including other companies or groups within your parent company. Generic consent for any third party is insufficient.

  • Transparency: Clearly explain in your privacy policy and during consent collection how their data may be shared with third parties. Avoid hiding this information in difficult-to-find clauses.

  • Opt-in mechanisms: Provide an easy and accessible way for individuals to opt-out of their data being shared. This could be through a dedicated checkbox during consent collection or clear unsubscribe options in your marketing communications.

  • Lawful basis: Identify the lawful basis for processing personal data under UK GDPR. Sharing data for marketing purposes generally requires explicit consent, but other lawful bases may apply depending on the specific scenario.

  • Data security: Implement appropriate safeguards to protect personal data from unauthorized access, loss, or misuse when sharing with third parties.

  • Consider using data minimization principles. Only share the minimum amount of personal data necessary for the intended purpose.

  • Document your consent processes and data sharing practices for audit purposes.

  • Consult legal professionals for specific advice on your data sharing practices and ensure compliance with relevant regulations.

Respecting Opt-Outs and Objections: Key Steps for UK Compliance

In the UK, respecting individual choices regarding marketing communications is crucial under the UK General Data Protection Regulation (UK GDPR) and the Privacy and Electronic Communications Regulations (PECR). Here's how to handle opt-outs and objections effectively:

Responding to Opt-Outs:

  • Immediate action: Upon receiving an opt-out request (e.g., unsubscribe), add the individual to your "do not contact" list immediately. This ensures they are not contacted again for any marketing purposes through any channels.

  • Confirmation message: Send a prompt confirmation email or message acknowledging their opt-out and detailing their removal from your marketing lists.

  • No further contact: Remember, any further contact, even for re-opt-in, constitutes a potential breach. Respect their decision to opt-out.

Responding to Objections:

  • Address concerns: If someone objects to your marketing practices, listen and address their concerns promptly and professionally.

  • Investigate and rectify: Investigate the reason for their objection and take appropriate action to rectify the situation, if necessary.

  • Comply with objection rights: If their objection pertains to their data processing, understand and comply with their right to object and restrict processing under UK GDPR.

Maintaining Data:

  • Do not delete: While not actively contacting individuals on your "do not contact" list, retain their information for a reasonable period to ensure they are not inadvertently included in future marketing campaigns. This is particularly important when using bought lists or when data merging occurs.

  • Secure storage: Implement appropriate safeguards to protect their data while it's stored on your "do not contact" list.

Enforcement and Penalties:

  • Information Commissioner's Office (ICO): The ICO enforces PECR and UK GDPR, with the power to impose significant fines of up to £20 million (updated from £500,000) for serious breaches.

  • Compliance is key: Prioritize compliance with data protection regulations to avoid potential penalties and reputational damage.

Communications Act of 2003

Navigating Electronic Communications Regulations in the UK: The Role of the Communications Act 2003 and Ofcom

In the UK, the Communications Act 2003 plays a crucial role in regulating electronic communications, aiming to protect individuals from various forms of misuse. This includes aspects relevant to marketing, particularly concerning abandoned and silent calls.

Key points to remember:

  • Scope of the Act: The Communications Act 2003 covers a wide range of electronic communications, including telephone calls, text messages, and emails.

  • Ofcom's role: The independent regulator, Ofcom, enforces the Communications Act and investigates potential breaches.

  • Abandoned and silent calls: The Act specifically prohibits making abandoned and silent calls for marketing purposes. Abandoned calls are those where the caller hangs up before the recipient answers, while silent calls involve no voice being transmitted when the recipient answers.

  • Fines and penalties: Ofcom has the power to impose significant fines of up to £2 million (not £2 billion) for persistent or serious breaches of the Act, including violations related to abandoned and silent calls.

Additional notes:

  • The Act also covers other areas like unsolicited commercial communications (spam), harmful content online, and privacy protections.

  • Ofcom provides guidance and resources for businesses to ensure compliance with the Act.

  • Staying informed about relevant regulations and best practices is crucial for responsible marketing activities in the UK.

The Consumer Protection From Unfair Trading Regulations of 2008

Protecting Consumers in the UK: Understanding the Consumer Protection From Unfair Trading Regulations 2008

The Consumer Protection From Unfair Trading Regulations 2008 (CPUTR) remain a crucial set of rules protecting consumers from unfair, misleading, or aggressive marketing practices in the UK. These regulations are divided into four key categories:

1. General Fairness:

  • This category prohibits any conduct that falls below the "honest and fair" standard expected towards consumers. It acts as a broad safety net for consumer protection.

2. Misleading Practices:

  • This category bans any action that could deceive or mislead consumers, including false or deceptive messages, omissions of key information, and exaggeration of benefits.

3. Aggressive Sales Practices:

  • This category prohibits aggressive sales tactics that utilize harassment, coercion, undue pressure, or exploiting vulnerability.

4. Banned Practices:

  • This category outlines a list of 31 specific practices explicitly prohibited under the regulations, covering areas like misleading price promotions, bait-and-switch tactics, and hidden charges.

Enforcement and Compliance:

  • Since 2014, the Competition and Markets Authority (CMA) has replaced the Office of Fair Trading (OFT) as the primary enforcer of the CPUTR.

  • Non-compliance with these regulations can lead to significant consequences, including:

    • Extensive investigations and inquiries

    • Substantial fines and penalties

    • Damaged brand reputation and loss of business

    • Potential criminal prosecution in serious cases

Additional Notes:

  • The CPUTR complement the UK General Data Protection Regulation (UK GDPR) and the Privacy and Electronic Communications Regulations (PECR) for broader consumer protection in the digital age.

  • Staying informed about the CPUTR and best practices is crucial for businesses to ensure responsible marketing and ethical conduct in the UK.

Code of Non-broadcast Advertising, Sales Promotion, and Direct Marketing.

Navigating Responsible Marketing in the UK: The Code of Non-broadcast Advertising and ASA oversight

In the UK, the Code of Non-broadcast Advertising, Sales Promotion, and Direct Marketing (Non-broadcast Code) plays a crucial role in ensuring responsible and ethical marketing practices. Here's what you need to know:

The Code and its role:

  • Developed by the Committee of Advertising Practice (CAP), the self-regulatory body for non-broadcast advertising, the Code sets the standards for ethical and honest marketing across print, digital, and other non-broadcast channels.

  • Advertisers, agencies, and media all have a responsibility to comply with the Code's rules.

Enforcement and the ASA:

  • The Advertising Standards Authority (ASA) acts as the independent watchdog, enforcing the Code and handling complaints from consumers and businesses.

  • The ASA has the power to investigate potential breaches, remove non-compliant ads, and require amendments to ensure ads adhere to the Code's regulations.

Key aspects of the Code:

  • Truthfulness and honesty: Ads must be truthful and not mislead consumers.

  • Harassment and offensive content: Ads must not be offensive, harmful, or exploit vulnerable groups.

  • Children and age-restricted products: Specific rules protect children and restrict advertising of age-restricted products like alcohol and gambling.

  • Fair competition: Ads must not unfairly denigrate competitors or engage in misleading comparisons.

  • Privacy and data protection: Ads must comply with relevant data protection regulations like UK GDPR and PECR.

The UK's Code of Non-broadcast Advertising, Sales Promotion, and Direct Marketing (Non-broadcast Code) plays a vital role in promoting ethical and responsible marketing practices. While not directly the law, it operates in tandem with legal frameworks and carries significant weight due to its:

  • Government recognition: The Government, Trading Standards, and courts acknowledge the ASA/CAP system as a vital "established means" of consumer protection for non-broadcast marketing communications.

  • Legal influence: Courts may consider the Code when making rulings on related matters, giving its guidelines strong persuasive power.

  • Enforcement by ASA: The independent Advertising Standards Authority (ASA) actively enforces the Code, investigating potential breaches, removing non-compliant ads, and requiring amendments.

Scope and Coverage: The Code covers a wide range of aspects related to non-broadcast marketing, including:

  • Content of advertisements: Ensuring truthfulness, honesty, and avoidance of harm or offense.

  • Specific advertising types: Detailed rules for areas like children's advertising, alcohol and gambling promotion, and financial products.

  • Vulnerable groups: Protecting children, older adults, and other potentially vulnerable segments of the audience.

  • Transparency and fairness: Promoting fair competition and transparency in marketing practices.

Benefits of Compliance: Following the Non-broadcast Code offers significant advantages for businesses:

  • Consumer trust and reputation: Adherence to the Code fosters trust with consumers and protects your brand reputation.

  • Reduced risk of complaints and regulatory action: Complying with the Code minimizes the likelihood of complaints and potential interventions from the ASA or legal authorities.

  • Stronger ethical foundation: Demonstrates your commitment to ethical and responsible marketing practices, aligning with current consumer expectations.

Direct Marketing Code of Practice 

Navigating Direct Marketing in the UK: Codes and Legal Frameworks

In the UK, responsible direct marketing practices are guided by both industry standards and legal frameworks. While membership in the Direct Marketing Association (DMA) is not mandatory, adhering to the following principles is crucial:

  • Non-broadcast Code: Developed by the Advertising Standards Authority and Committee of Advertising Practice (ASA/CAP), this Code sets ethical and responsible standards for all non-broadcast marketing, including content and practices within direct marketing.

  • Direct Marketing Guidance: Issued by the Information Commissioner's Office (ICO), this guidance provides practical advice on complying with legal requirements like UK General Data Protection Regulation (UK GDPR) and Privacy and Electronic Communications Regulations (PECR) when conducting direct marketing activities.

Compliance with both the Non-broadcast Code and the ICO's Direct Marketing Guidance is strongly encouraged for all organizations engaging in direct marketing in the UK. This helps in:

  • Maintaining high ethical standards for consumer protection and building trust.

  • Minimizing the risk of complaints and potential regulatory action from the ASA/CAP and ICO.

  • Demonstrating commitment to responsible data practices and respecting individual privacy rights.

Communications Act of 2003


Code of Non-broadcast Advertising, Sales Promotion, and Direct Marketing

ASA/CAP website

Direct Marketing Association

Direct Marketing Commission

ICO website

ICO Direct Marketing Guidance

ASA/CAP Non-broadcast Code

Competition and Markets Authority (CMA) website

Electronic and telephone marketing

CMA guidance on the CPUTR

ICO guide to UK GDPR and consumer protection

ICO guide to PECR for electronic marketing

ICO guide to consent under UK GDPR