Create Account

Wednesday 24th July 2024 | Telephone numbers on TPS: 16,789,132 | Telephone numbers on CTPS: 1,312,259 | Total numbers registered: 18,101,391

Staying within the law when marketing by phone

Making marketing calls legally may be more complicated than you might think.

It can be an expensive business if you don’t stay within the law too, not to mention the potential damage it can cause to your own or your client’s reputation and brand.

Companies or its directors not meeting their legal obligations can potentially be fined up to £500,000 by the Information Commissioner's Office (ICO). Monetary penalties have been issued for making repeated marketing calls to numbers listed on the Corporate / Telephone Preference Service (C/TPS) registers and ignoring people’s objections to those calls including:

  • Home Energy and Lifestyle Management Ltd – £200,000
  • Nationwide Energy Services Ltd – £125,000
  • We Claim U Gain Ltd – £100,000
  • MyIML – £80,000
  • Cold Call Elimination Ltd – £75,000
  • EMC Advisory Services Ltd – £70,000
  • Omega Marketing Services Ltd – £60,000
  • Assist Law – £30,000
  • IT Project Ltd – £40,000
  • Brighter Home Solutions Ltd – £50,000
  • MyHome Installations – £50,000
  • HPAS Ltd (trading as Safestyle UK) – £70,000
  • Laura Anderson Ltd (trading as Virgo Home Improvements) – £80,000
  • True Telecom Ltd – £85,000
  • Energy Saving Centre Ltd – £250,000
  • Approved Green Energy Solutions – £150,000
  • IAG Nationwide Ltd – £100,000
  • Our Vault Ltd – £70,000
  • AMS Marketing Ltd – £100,000
  • Oaklands Assist UK Ltd – £150,000
  • ACT Response Ltd – £140,000
  • Secure Home Systems Ltd – £80,000
  • DM Design Bedrooms Ltd – £160,000
  • Solartech North East Ltd – £90,000
  • Alistar Green Legal Services – £80,000
  • Avalon Direct Ltd – £80,000
  • Smart Home Protection Ltd – £90,000
  • Making it Easy Ltd – £160,000
  • Superior Style Home Improvements Ltd – £120,000
Contact Us and see how we can help

1. The Law

To understand your obligations fully, it’s a good idea to be aware of the two main pieces of legislation relating to making marketing phone calls and processing personal data.

The UK GDPR is the UK General Data Protection Regulation. It is a UK law which came into effect on 01 January 2021. It sets out the key principles, rights and obligations for most processing of personal data in the UK, except for law enforcement and intelligence agencies (which is covered by the Data Protection Act 2018). It is based on the EU GDPR (General Data Protection Regulation (EU) 2016/679) which applied in the UK before that date, with some changes to make it work more effectively in a UK context. See The ICO's UK GDPR guide for more details.

The Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR) sets out rules for sending marketing and advertising by electronic means, such as by telephone, fax, email, text and picture or video message, or by using automated calling systems.

PECR also covers use of cookies or similar technologies that track information about people viewing a website or other e-service; security of public electronic communications services; privacy of customers using communications networks or services including traffic and location data, itemised billing, line identification services (e.g. caller ID and call return) and directory listings. See The ICO's PECR guide for more details.

PECR have been updated a number of times. Recent changes were made in 2018, to introduce personal director liability for serious breaches and ban cold-calling of claims management services. Then in 2019 to ban cold-calling of pensions schemes in certain circumstances (see below) and to incorporate the UK GDPR definition of consent.

2. Making Marketing Phone Calls Legally

Live calls

The rules on live marketing calls are in regulation 21 of PECR. In short, you must not make unsolicited live marketing calls:

  • to anyone who has told you they don’t want your calls; or
  • to any number registered with the TPS or CTPS, unless the person has specifically consented to your calls – even if they are an existing customer.
  • for the purpose of claims management services, unless the person has specifically consented to your calls; or.
  • in relation to pension schemes unless you are a trustee or manager of a pension scheme or a firm authorised by the Financial Conduct Authority, and the person you are calling has specifically consented to your calls or your relationship with the individual meets strict criteria.

You must always say who is calling, allow your number (or an alternative contact number) to be displayed to the person receiving the call, and provide a contact address or freephone number if asked.

So if you’re making live calls you must:

  1. Screen telephone numbers against the Telephone Preference Service register(s) before calling and every 28 days:
    • Telephone Preference Service (TPS) – if you’re calling individuals, sole traders and/or partnerships.
    • Corporate Telephone Preference Service (CTPS) – if you’re calling companies and corporate bodies (including Limited, PLC, Limited Liability Partnership, Scottish Partnership, government body, school, college and charity).
    • Screen against both registers to be 100% safe.
    • Use a full C/TPS licensee like 121prodata to ensure legal compliance.
  2. Keep your own in-house do-not-call list of anyone who says they don’t want your calls. Screen lists that you call against your own do-not-call list – and do not call them.
  3. Make sure that you do not disguise a marketing call as a market research call. This is known as ‘sugging’ (selling under the guise of research). If the call includes promotional material or collects data to use in future marketing, the call or message will be for direct marketing; you must say so and comply with the DPA and PECR direct marketing rules.

What are the rules on automated calls?

The rules on automated calls are in regulation 19 of PECR, and are stricter. You must not make an automated marketing call – that is, a call made by an automated dialling system that plays a recorded message – unless the person has specifically consented to receive this type of call from you. General consent for marketing, or even consent for live calls, is not enough – it must specifically cover automated calls.

All automated calls must include your name and a contact address or freephone number. You must also allow your number (or an alternative contact number) to be displayed to the person receiving the call.

For further information, see the ICO’s guidance on direct marketing.

3. Purchased Lists

If you are calling purchased or rented lists of prospect data you cannot simply rely on the data seller to have complied with the law. It is your responsibility to make sure that the data is legally compliant. You will need to:

  • check the origin and accuracy of the list.
  • check the legal basis for processing e.g. legitimate interest or consent.
  • check when and how consent was obtained, if relevent, and what it covers.
  • NOT use bought-in lists for texts, emails or recorded calls (unless you have proof of opt-in consent within last 6 months which specifically names or describes you).
  • screen against the TPS/CTPS.
  • tell people where you got their details and how they can exercise their rights.

One way to ensure that the data that you’re calling complies with the legislation is to use data providers that are Direct Marketing Association (DMA) members. See

4, Exploding a Myth

Many people think that it is not necessary to screen against TPS or CTPS if the number being called is an existing customer:

An organisation might want to continue calling an existing customer who has registered with the TPS even though they have not specifically consented, because it is confident in light of the past relationship that they would not object. However, calls in these circumstances are in breach of PECR and could result in enforcement action. Direct Marketing, ICO

Even if you consider an individual or company to be a customer, you still need GDPR-level consent to make marketing calls them if they are TPS or CTPS-registered.

What do I do next?

For further information, see the ICO’s guidance on direct marketing.

Or call Spencer Clarke,
Director, 121prodata Ltd on 01451 860805
  • C/TPS licensee – online self-service, managed service and API service available
  • Data, direct & digital marketing advice & outsourcing
  • GDPR & ePrivacy Regulation support

The content above is intended only to provide a summary and general overview on matters of interest. It is not intended to be comprehensive nor does it constitute legal advice. We attempt to ensure that the content is current but we do not guarantee its currency. You should seek legal or other professional advice before acting or relying on any of the content above.

Contact Us and see how we can help