Ensuring your marketing database is legal - checklist

Ensuring your marketing database is legal - checklistAny business that handles and stores data and uses it for marketing purposes needs to make sure they're doing so legally. Our checklist covers your main obligations.

  • Review what data you collect, and why you need it.
  • Ensure that you do not collect any unnecessary personal data; delete any unnecessary information from your records.
  • Check whether you need to notify the Information Commissioner about your use of personal data and, if necessary, do so.
  • Train employees on how data protection principles apply to their work.
  • Make breaches of data security policies and misuse of data disciplinary offences.
  • Collect information fairly; to be sure, always ask contacts to opt in before adding them to your database.
  • Make sure you have a fully documented and demonstrable process for processing data lawfully, and that you've carried out a data risk assessment.
  • Include a statement of your privacy policy on your website.
  • Maintain a 'do not contact' list of individuals and companies who have opted out; check against this list before adding new contacts to your database.
  • Take steps to ensure that you input data accurately.
  • If you buy in mailing (or other) lists, ensure that they have been properly screened: for example, checked against the Mailing Preference Service, and that the list broker has obtained the proper opt ins if you want to market to the list electronically.
  • Give contacts the right to opt out from further communications whenever you send them mail or electronic communications.
  • Protect access to systems and data: for example, through appropriate building security and computer passwords.
  • Install appropriate electronic security: for example, a firewall and anti-virus software.
  • Restrict access to sensitive information to employees who need it.
  • Set up a system for updating your database, including removing information that is no longer needed.
  • Dispose of old records (on paper or electronic records) securely.
  • Ensure that you back up your database, and that backup copies are kept secure.
  • Set up a procedure for responding to subject access requests from individuals who ask to see what information you hold on them.
  • Check the legal position before you transfer or sell your database (for example, selling to a third party or transferring to an overseas office).

What does the * mean?

If a link has a * this means it is an affiliate link. To find out more, see our FAQs.