Is this the death knell for unsolicited, direct marketing in SA?

by Natalie Laurencik. Direct marketing is a minefield at the moment with POPIA, nevermind all the possible other legislative and regulatory considerations.

by Natalie Laurencik. Direct marketing is a minefield at the moment with POPIA, nevermind all the possible other legislative and regulatory considerations you may need to take into account. At the very least all of this keeps lawyers in business – but creates a massive headache for the direct marketers. Let’s talk about where to from here.

Section 69 has mandated that direct marketers are no longer able to approach a data subject in pursuance of a sale or the promotion of goods or services (this also applies to donations) more than once, to obtain their consent. To break this down, a data subject is a person or an organisation. In context of this definition, approach can be either in person, by mail or electronic communication.

The first two are self-explanatory and with any luck maybe we will see the end of those awkward interactions in malls with overzealous sales people. All types of electronic communications are covered, save for telephone calls, some social media marketing and behavioral advertising.

So, what can you do?

You can contact the data subject via a direct marketing channel once, in order to obtain their consent to continue communicating with them in relation to the goods or services that you are promoting. Consent is required to be voluntary, specific and informed in terms of POPIA generally, but in the case of direct marketing POPIA requires that you also make use of Form 4. Unfortunately, absolutely no direct marketer would want to use this form as it would almost certainly further deter any potential subscriber.

Essentially, what Form 4 requires is that you collect the data subject’s full name, signature, the date and location of the consent given. You will also need to inform the data subject who the responsible party is (who is sending the direct marketing), by stating their full name and contact details. You will need to specify the same information if anyone is designated to act on the responsible party’s behalf. You will also need to specify what goods or services you intend to market to them and through what channels.

It is important to note that should a data subject not respond to your request for their consent, you must view this as an ‘opt out’ and remove them from your marketing list. If a data subject does consent to receive marketing about specific goods or services, through certain channels, then that consent must be respected for those precise selections.

Should the responsible party who has obtained that specific consent then wish to offer additional goods or services, it may then have to contact the data subject again to obtain consent to market them in relation to the new offering. This would be seen as “further processing” in terms of POPIA. This highlights the specificity of the consent required by POPIA, as gone are the days of offering everything from car finance to cosmetics to the subscriber.

Direct marketing must be pointed and strategic. Yes, it an extra hoop to jump through but, is it a bad thing? We have been told that the spray and pray approach doesn’t work anyway; and that this presents a new opportunity, albeit forced, for marketers to identify their potential customers; and then to target them in a meaningful way, with real understanding, in the pursuit of significant engagement.

By way of example: I might not be interested in the car finance, because I ride a scooter. But, I love handbags and since it’s my birthday soon, I am in the market for a new one. I would think this marketing spend is better utilised on the marketing of the handbag. Not only am I happy to hear from the handbag retailer, but I want to continue to hear from this retailer with regard to all future sales and new designs. I am even open to receiving further information about the retailer’s other fashion items and joining their loyalty program. I consider the retailer’s targeted approach a service, as it is saving me time and money, and I do not need to go looking for a new handbag as the best prices are offered to me directly. Also, I am not writing to the Information Regulator to complain about the retailer and its offer of vehicle finance which I consider an annoyance and invasion of my privacy.

Reputational risk

Apart from the law and its consequences, your brand’s reputation is at risk. No one wants to hear from brands that don’t understand them. The immediate assumption on the data subject’s part is that their information has been exploited, as the data subject themselves would have never opted in to marketing of this nature. This translates into an immediate lack of trust. It would be very difficult to cultivate a meaningful relationship with the data subject with that foundation. In 2022, trust and privacy are inexplicably linked.

Marketers have, in this moment, an opportunity to alert their clients to compliance and place them in the best position to build relationships with their customers, based on trust and their brand value. Marketers can ensure they retrieve first party data and the quality of such. This direct, informed and specific consent being the gold standard for clients and marketers alike. This will go a long way to ensuring customer engagement and retention and of course complying with Section 69 of POPIA.

So, don’t throw the baby out with the bathwater just yet!


Main image credit:


Natalie Laurencik is co-founder and director of Consilium Legal, a boutique legal and business advisory. She has been a practicing attorney for 15 years. Her expertise lies in commercial law; with a strong focus on the media, advertising, and public relations sector. She also has a keen interest in privacy and data protection, and is immersed in compliance programmes for clients across several different industries. Laurencik is also completing a PECB certified GDPR DPO certification. 


– Receive the Retailing Africa newsletter every Wednesday • Subscribe here.