FEDMA’s principles apply to all its current members and prospective organisations who wish to join. This charter on ethical personal data management provides 5 ethical management principles which the data-driven marketing industry should abide to ensure ethical practices.

Be Honest and Fair

Organisations are expected to be honest and fair and offer a clear customer journey.
Organisations are expected to be clear with customers and prospects about why they collect data and how they intend to use it for marketing purposes.

Respect individuals

Organisations must act in accordance with all legal requirements relevant to the processing of personal data applicable to marketing activities; the processing must be based on a legal ground and provide the individuals with the rights they are legally entitled to, such as the right to object.

Organisations are expected to avoid irresponsible commercial communication.

Be diligent with personal data

Organisations are expected to always treat customer and prospect data with the utmost care and respect.

Organisations are expected to take reasonable steps (such as by validation when necessary) to ensure that customer and prospect data are accurate and kept up to date.

Empower customers

Customers and prospects should have access to organisations’ privacy policies providing an explanation relating to the processing of personal data for marketing purposes and their contact details enabling customers and prospects to interact with the organisation.

Organisations are expected, where possible, to give customers and prospects the possibility to express their preferences in receiving commercial communication through the different communication channels used by the organisation, and respect these. This can be done through the use of preference services lists (such as Robinson lists) where available.

Be accountable

Organisations must be GDPR-compliant and take responsibility for the processing of customer and prospect data in-house. When the data processing is partly or fully outsourced to a data processor, both the controller and the data processor should be responsible for ensuring that all the applicable legal provisions relating to such processing are compiled with unless a legal provision is explicitly assigned to either the controller or the processor.

Organisations must ensure that they employ appropriate security measures when processing customer and prospect data, taking into consideration the sensitivity of the data and technological state of the art.