Data collection guidelines for UK email data

Good quality data is the cornerstone of a successful email campaign.

However, there are many issues to be addressed to ensure that best practice is achieved in the collection and use of data for UK based recipients.

The following best practice guidelines are based on those provided by the DMA Email Marketing Council, to guide you through some of the key legislative issues that relate to data collection and permissions. (NB, this information is intended to provide guidance only, and does not constitute professional advice.)

Data collection

When collecting personal data which includes an email address, Data Users (ie the organisation making use of collected data for direct marketing purposes) must:

  • only ask for information that is necessary for the purpose for which the data will be used;
  • display a clear data protection notice (see below for more detail) and a link to, or full details of, a Privacy Policy at the point of data collection;
  • gain positive consent to send Unsolicited Commercial Email Messages (for example with the use of an ‘Opt-In’ tick box), unless the soft opt-in exception described below applies

Furthermore, Data Users should consider sending a confirmation email after individuals have signed up to receive unsolicited commercial emails, that:

  • clearly confirms what the person has signed up for and what data they have provided
  • gives them the chance to correct any incorrect data and
  • says something like ‘if you’ve signed up in error, do this (e.g. one click, easy to use) to cancel your registration and
  • includes a telephone number to call (customer service line) if the subscriber has any concerns.

NB. The ‘harvesting’ of email addresses from websites, emails and other sources in the public domain without seeking individual consent is highly likely to involve contravention of the 1998 Act and the 2003 Regulations.

Soft Opt-In Exclusion (ie Opt-out)

The Soft Opt-In Exclusion can be used when all of the following conditions are met:

  • Email address are collected in the course of negotiations for the sale of or the sale of a product or service.

    Unsolicited Commercial Email Messages may be sent to “individual subscribers” without positive consent, who are prospects or customers of the Data User; and the email address has been gathered in the course of a sale or negotiations for the sale of a product or service to the prospect or customer.


  • The consumer is told that the mail address would be used for marketing purposes and offered an unsubscribe/opt-out facility. In this case, the Data User must have notified the individual at the point of data capture that they would like to send the individual emails marketing the Data User’s own ‘similar products or services’.


  • The marketing relates to similar products or services to those of the organisation collecting the data.


  • The identity of the sender is not disguised.
Data Protection Notices

When collecting an email address (online or offline), a data protection notice must be prominently displayed which clearly identifies the Data User, including the full corporate name and postal address details (which must include the registered office of the Data User if it is a registered company and may also include a trading address).

It must also include the following, unless this information is provided elsewhere on the website: company registration number, country of company registration, Vat number and any membership of a trade/professional association.

Please follow this link or refer to the DMA Direct Marketing Code of Practice for further information.