Under the GDPR individuals have the right to object to their personal data being used for direct marketing purposes. So, when can an SME send electronic direct marketing?
Electronic direct marketing involves the sending or making of unsolicited marketing communications, including by email, text message, phone or fax, to a recipient. These communications are usually made for the purpose of advertising a product or service or for other promotional purposes. Electronic direct marketing of this kind is subject to specific rules that are set out in the ePrivacy Regulations. Under the ePrivacy Regulations, the SME or person on whose behalf direct marketing communications are sent must generally have obtained the prior consent of the intended recipient, agreeing to receive such communications – and they must be able to demonstrate that the recipient actively agreed in advance to receiving such communications.
Consent must be a clear, affirmative act, freely given, specific, informed, and unambiguous, as required by the GDPR (these two laws work together in such cases). Where consent to marketing is given, it can be withdrawn at any time. The GDPR notes that silence, pre-ticked boxes, or inactivity will not generally be enough to signify consent. This means that a direct marketer cannot normally, for example, rely on therecipient failing to untick a pre-ticked box as a valid form of consent. Each direct marketing message sent by email or text should also identify the sender, or on whose behalf it is being sent, and provide a valid address so that the recipient may request that the sending of such messages should cease.
Read more:
https://arc-rec-project.eu/wp-content/uploads/2021/01/ARC-GUIDANCE-Data-Protection-Basics-1.pdf