Organisations have until 4 March 2020 to comment on the  ICO's revised Direct Marketing Code of Practice. The proposed code sets out the law and provides examples and good practice recommendations. The ICO states that adherence to the code will be a key measure of compliance and that direct marketers who do not follow the code will find it difficult to demonstrate that their processing complies with the GDPR or PECR. Additionally, the ICO says it will monitor compliance with the code through proactive audits. 

The draft includes sections on social media and in-app advertising which are likely to be closely scrutinised by stakeholders. Indeed, there are already calls for more detail on the use of the soft opt-in exemption in the context of a negotiation for a sale, particularly in the context of so-called “free” services. 

Ultimately, however, regardless of what technology you use to deliver direct marketing or collect data for direct marketing purposes, you still need to comply with the GDPR and PECR. The draft code goes some, but not all, of the way to telling you how.