Practical telemarketing guidelines in the light of processing personal data

The guidelines are dedicated to the legal aspects of telemarketing, which is essentially marketing and advertising by telephone, a form of teleworking. In practice, telemarketing is often exercised as a complementary means for companies to inform individuals about new products or services by means of an electronic commercial communication, primarily with the aim of increasing sales and financial gain.

The aim of these guidelines is to promote compliance with the General Data Protection Regulation (hereinafter – GDPR) and the Law on Information Society Services of the Republic of Latvia (hereinafter – ISPL) requirements in telemarketing businesses.

The guidelines provide a structured overview of processing of personal data, demonstrating how telemarketing regulatory enactments interact, the legal relationship between the controller and the processor, the involvement of a “sub-processor”, the various legal aspects of sending a commercial communication as well as the highly important question of security of processing. 

The guidelines not only serve as a reminder of applicable GDPR rules and general definitions, rights and responsibilities of processors, they also provide examples that demonstrate different situations and possible infringements.

The abovementioned guidelines also reflect the legal aspects of commercial communications, for example, if a commercial communication is sent to an identified or identifiable natural person, the sender of the commercial communication must comply with the GDPR in addition to the ISPL. Essentially, regarding personal data and determining what is personal data – a telephone number, when combined with other information which has the effect of identifying a natural person, shall be regarded as personal data. 

On the other hand, if a person receives a commercial communication in which they are not addressed by name (e.g. SIA X generating a random telephone number or e-mail, when addressing the client, use: “Dear customer!”), the person is not identifiable and therefore no processing of personal data is carried out.

Generally, a commercial communication to a natural person by means of their e-mail address or other electronic means of communication shall be permitted if that person's consent is obtained, unless there are exceptions provided for in ISPL. 

The guidelines also remind that the consent must meet the following requirements:

The guidelines are advisory, however, they could be a helpful tool to orientate through the applicable regulations in the field of telemarketing and the processing of personal data for both companies carrying out commercial activities and sending commercial communications as processors as well as recipients of commercial communications.