Contact Us  ¦  Advertise  ¦  Newsletter Subscription   ¦  Rate Card  ¦   PR Submissions  ¦  Search

Automotive Business Review Automotive Business Review
POPIA: Direct marketing guidance note

POPIA: Direct marketing guidance note

On 3 December 2024, the Information Regulator published a Guidance Note on what lawful direct marketing practices in South Africa entails. This note clarifies the requirements for processing of personal information for purposes of direct marketing, within the Protection of Personal Information Act (POPIA) framework.

Non-electronic communication: Where direct marketing communication is by non-electronic means (i.e., in person, by post, hand-delivered mail etc.):

  • Businesses may process personal information for direct marketing purposes provided that it has a legal justification for doing so. This dispenses with the requirement of obtaining consent from a data subject.
  • However, marketers must be able to demonstrate that the processing is necessary to protect the legitimate interests of the data subject (for example, where the data subject will receive discounts).  

Electronic communication: Where direct marketing occurs by means of electronic communication (email, automated calling machines, telephone, direct messaging on social media platforms or SMSs):

POPIA distinguishes between a data subject who is a customer, and a data subject who is not a customer.

If the data subject is a customer, businesses can send direct marketing communications to the customer provided that:  

  • The contact obtained the details of the customer in the context of a sale of a product or service (for example, a data subject opens an account at a retail store and provides contact details for purposes of opening the account).
  • The direct marketing communications are for purposes of marketing the organisation’s similar products or services.
  • The customer was given a reasonable opportunity to object, to the use of its information at the time the information was collected for marketing purposes, and every instance of contact thereafter.

If the data subject is not a customer, businesses can only send direct marketing communications with the data subject’s prior consent. In this regard the note provides that:

  • The first communication sent by businesses must be a communication requesting the consent of the data subject to market their goods or services. This can only happen once, and to a data subject who has not withheld consent previously.

The Guidance Note also gives direction on aspects related to (i) how to comply with the eight conditions for lawful processing when engaging in direct marketing activities, (ii) registering a pre-emptive block in terms of the Consumer Protection Act and (iii) lead generation and profiling in the direct marketing context.

Businesses that engage in direct marketing should therefore align their practices with the guidance note to ensure compliance with the POPIA.

For assistance with POPIA compliance matters, please contact your regional NEASA office.



Terms & Policies

Popular Articles

Addess: 12 Bradford Rd, Johannesburg, South Africa, 2007
Email: jason@abrbuzz.co.za

Copyright © 2024 Litage Publishing. All Rights Reserved.
Website by Jouweb.biz