I work for a not for profit membership organisation. When a member joins, we automatically send industry newletters to them which may contain marketing material, including our own products and services and offers from external parties. They have to option to Opt Out but not Opt In.
Whilst I feel that we could use Legitimate interest under GDPR as our lawful basis for processing if it were covered in our Privacy Notice but I am concerned that this is not PECR Compliant due to the marketing content and our not for profit status.
Can anyone confirm my thinking or otherwise please?
Would agree with you, this is non compliant, but it then becomes a risk based decision for management.
Useful information Petra, thank you!