UK GDPR & Marketing Data

What is the UK GDPR?

The UK General Data Protection Regulation (UK GDPR) came into effect on 1st January 2021, following the UK’s departure from the EU. It is based on the EU GDPR and works alongside the Data Protection Act 2018, which has been in place since 25th May 2018. The UK GDPR sets high standards for how businesses collect, manage, and use personal data, ensuring the protection of individuals’ privacy rights. It applies to any business processing personal data related to individuals within the UK, with strict penalties for non-compliance.

UK GDPR Compliant Marketing Data

At Selectabase, we are committed to obtaining, processing, and using data responsibly and in compliance with the UK GDPR. Our marketing data lists and data-checking services adhere to the latest UK GDPR regulations, ensuring you receive high-quality, compliant marketing data.

Marketing is a key economic activity, and organisations have a legitimate interest in promoting their goods and services to the right audiences. For your convenience, our Prospect Download portal hosts Experian’s B2C Database and B2B Database, ensuring all data is compliant and properly sourced.

Experian’s data partners gather personal and commercial data responsibly, ensuring appropriate notice is given when passing data for use in products and services. Learn more about Experian here.

Four Simple Steps to UK GDPR-Compliant Marketing Data

Compliance

All B2B and B2C data are sourced in accordance with UK GDPR.

Data Processing

Selectabase processes data under the legitimate interest of a marketing company.

Marketing Data

Selectabase provides data for legitimate marketing purposes.

Purchase Data

Clients are responsible for processing data in line with UK GDPR guidelines.

Selectabase only supplies data that can be processed for direct marketing under the legal basis of legitimate interests. This means business-to-consumer (B2C) data is limited to postal data, screened against the Mailing Preference Service (MPS). For sole traders, partnerships, and corporate entities, business-to-business (B2B) data includes postal, telephone, and email data, screened against the Telephone Preference Service (TPS) and Corporate Telephone Preference Service (CTPS).

Where required, we offer a full end-to-end solution that includes data selection, marketing material support, and fulfilment of print and post services, without releasing marketing data directly to clients.

UK GDPR Compliance for Purchased Data

Purchasing UK GDPR-compliant data from Selectabase doesn’t automatically make your organisation GDPR compliant. Clients must ensure they meet their own compliance obligations under UK GDPR, particularly when using purchased marketing lists. This includes following the guidelines set by the ICO and PECR (for electronic marketing).

You must ensure clear and accessible unsubscribe options in all communications and segment your audience correctly, ensuring the recipient has a legitimate interest in the content. Additionally, ensure compliance with the Electronic Commerce (EC Directive) Regulations 2002 when sending marketing communications.

  • See our full list of GDPR Marketing Data FAQ’s below.
  • Speak to one of our data experts today on 01304 383838 and find out how you can benefit from using Selectabase’s UK GDPR compliant data.
  • All orders are subject to our standard due diligence checks prior to acceptance.
  • Individuals (and businesses) who may be included in the marketing lists we source from our suppliers can unsubscribe easily via our Data Opt-Out Requests page.

GDPR Marketing Data FAQs

Yes, provided you comply with our terms, the UK GDPR, and the PECR. Our data lists are sold for direct marketing purposes, using legitimate interests as the legal basis for processing. For more information on legitimate interests, refer to the ICO’s guidance.

Yes, all our services are UK GDPR-compliant. We’ve conducted a legitimate interests assessment (LIA) to ensure we can process personal data for direct marketing purposes.

Yes, all our services comply with the Privacy and Electronic Communications Regulations (PECR). For example:

  • Postal mail is not subject to PECR.
  • Email marketing only uses B2B data (corporate data), which doesn’t require consent under PECR.
  • Live telephone marketing is screened against the TPS and CTPS.

We do not provide services where consent is required as the legal basis under UK GDPR or PECR.

We rely on legitimate interests under Article 6(1)(f) of the UK GDPR. We’ve chosen this legal basis because it’s the most appropriate for direct marketing. While we considered consent, legitimate interests provide a fairer and more practical approach, particularly when dealing with a large number of organisations. We also ensure transparency with data subjects, giving them the opportunity to object to the processing of their personal data.

Yes. Selectabase uses data sourced by Experian, which ensures compliance with UK GDPR. Our consumer postal marketing data can be used under legitimate interests, ensuring that all requirements for processing are met.

Yes. Business data for postal and telephone marketing, including data for sole traders and partnerships, is processed under legitimate interests. All relevant requirements for processing have been met, and data can be ordered via Prospect Download.

Email marketing to corporate entities using personal email addresses (e.g., john.smith@company.com) is governed by UK GDPR, while PECR applies to electronic marketing. Corporate emails don’t require consent under PECR, but you must ensure an unsubscribe option is provided. Generic emails (e.g., info@company.com) generally fall outside the scope of UK GDPR and PECR, but as a best practice, you should still include an opt-out.

Where consent was obtained prior to 25th May 2018, individuals either opted in or were given the opportunity to opt out of having their personal data processed for direct marketing purposes. Third parties would have been identified either by category or description.

This depends on the type of marketing. For example, B2C email marketing lists purchased before 25th May 2018 won’t meet UK GDPR consent requirements. In such cases, it’s recommended to purchase new data lists or ensure your legal basis for processing is updated to legitimate interests.

For more details, visit the ICO or speak to our data experts at 01304 383838.

Useful links

Guide to the UK GDPR
ICO
PECR
The DMA
FCA Guidance

Browse our Services or Contact Us for assistance

arrow