Buying Data Suppression For UK Privacy Compliance

Compliance - Opt‑Outs, Preferences and Audit‑Ready Evidence

When you buy data suppression, you’re not just cleaning a list. You’re proving that every opt‑out is respected, every preference is honoured and every contact decision is defensible. This guide shows how to choose suppression services, set accuracy expectations and build the evidence pack you’ll need under UK GDPR and PECR.

What UK Law Expects From Suppression

• Respect opt‑outs and objections. Individuals have an absolute right to object to direct marketing. You should stop using their data for marketing and keep a suppression list so you don’t contact them again
• Keep accurate data. Personal data must be accurate and, where necessary, kept up to date. Take reasonable steps to correct inaccuracies without delay
• Email and SMS to individuals. You need consent or must meet the soft opt‑in for your own similar products, plus you must offer an opt‑out in every message and not conceal your identity
• Calls. You must screen numbers against TPS for individuals and CTPS for corporate subscribers and avoid anyone who has objected to your calls. Entries take effect after 28 days, so screen before each campaign
• Post. Screen prospect lists against the Mail Preference Service and your internal do‑not‑mail file as good practice, then honour any unsubscribe requests
• Charity fundraising. The Fundraising Preference Service lets people stop charity fundraising contact across post, phone, email and SMS. Charities should check and action FPS requests quickly

The Suppression Types You Should Cover

• Opt‑outs and objections: your own consent and unsubscribe records, soft opt‑in status and a durable suppression list
• Preference services: TPS, CTPS and MPS for prospect data, plus Baby MPS in sensitive cases
• Deceased: suppress deceased records to avoid distress and fraud risk
• Movers and goneaways:  suppress goneaway records and, where appropriate, route true movers to updated addresses using licensed sources such as NCOA
• Duplicates: remove duplicate individuals, families or households to prevent over‑contacting and errors

Buying Models Compared

Choose a commercial and delivery model that protects accuracy and makes audits simple.

• Screen phone numbers against TPS and CTPS before each campaign, and do not call anyone who has objected
• For email and SMS to individuals, ensure consent or soft opt‑in, provide an unsubscribe in every message and action opt‑outs promptly

How To Specify Suppression Accuracy

Ask every provider to commit to measurable accuracy and show their workings.

• Define target metrics
• Precision - of all records the service suppressed, how many were right. Prioritise a high precision to minimise false positives
• Recall - of all records that should have been suppressed, how many were found.
• False positive rate - proportion of wrongly suppressed records. Keep this very low to avoid suppressing valid customers
• Demand a published matching policy
• Which fields must agree (full name, address lines, postcode, phone, email)
• How fuzzy or phonetic matching is used and capped
• How household vs individual matches are treated
• Require an attributed reason code per record
• Opt‑out source, TPS/CTPS, MPS, deceased, gone‑away, duplicate, FPS, internal DNC
• Check source file coverage and freshness
• Preference services, deceased and mover files, and your internal lists, with stated refresh cadence
• Ask for a confusion matrix on a held‑out sample and the change log that proves each decision

These practices help you meet the accuracy principle and the accountability duty to demonstrate compliance

The Evidence Auditors Expect

Build a lightweight but complete dossier that shows what you suppressed, why and when.

• Policy and contracts
• Your direct marketing policy and suppression standard
• Article 28-compliant processor contract with the suppression provider, covering instructions, confidentiality, security, sub‑processors, assistance and audit rights 
• Records of processing and decisions
• ROPA entries for marketing and suppression, including lawfulness, data categories, recipients and retention
• DPIA where high risk profiling applies
• Suppression audit files
• Timestamp, source file name and version, match keys used, confidence score and reason code per suppressed record
• Evidence of TPS/CTPS screening and date, and MPS checks for postal prospect lists
• Opt‑out evidence - who, when, how collected or withdrawn, plus proof of actioning, for example email unsubscribe event
• FPS suppression confirmations for charities 
• Operational proofs
• Campaign‑before‑use screening certificates and exception reports
• Reinstatement workflow for false positives with traceable approvals

Due Diligence Questions To Ask Vendors

• Data sources and updates
• Which preference, deceased and mover files are used and how often are they refreshed
• For movers, whether NCOA‑based sources are included and when last refreshed 
• Matching quality
• Deterministic vs probabilistic matching and thresholds
• Individual vs household suppression logic
• Governance and security
• Article 28 terms, ISO 27001, retention, data minimisation, UK hosting options 
• Auditability
• Field‑level change logs, reruns, reproducibility of results, and a route to investigate false positives
• PECR specifics
• TPS and CTPS screening cadence embedded in process, and clear handling of objections for calls 

Acceptance Testing - Prove Accuracy Before You Buy

• Prepare a representative test file that includes known opt‑outs, known deceased, recent movers and seeded records from your own suppression list
• Run the same file with two or three providers under NDA
• Compare precision, recall and false positive rates across suppression types
• Validate process as well as outcome - look for clear reason codes, timestamps and source file versions
• Review 100 randomly sampled decisions per suppression type with your compliance lead

Practical Frequency - When To Screen

• Calls: screen all numbers against TPS and CTPS before each campaign and do not call anyone who has objected or who is registered unless they have specifically consented to your calls
• Email and SMS: action every unsubscribe immediately and keep a do‑not‑contact list. Include an unsubscribe or reply‑to mechanism in every message
• Post: screen prospect lists against MPS and your internal do‑not‑mail before use
• Charities: check FPS for supporters who have opted out of fundraising contact

What Good Looks Like - A Sample Suppression Spec

• Sources: TPS, CTPS, MPS, FPS, deceased and mover files, plus your internal opt‑outs and duplicates
• Freshness: TPS/CTPS and internal lists at campaign‑time, MPS and deceased/mover files at least monthly or before each large drop
• Matching: deterministic on full name and address with postcode normalisation, controlled fuzzy tolerance for typos, per‑record confidence score
• Evidence: per‑record reason code, source and file version, timestamp, user or job ID, and immutable audit log
• Remediation: a fast route to review and reinstate any record with clear criteria and approver trail

How Sagacity Can Help

If you need a fast way to test and buy suppression with audit‑ready outputs, we can help in three ways:

• Connect: real‑time and batch data cleansing and suppression with per‑record audit details, including deduplication, movers and preference services
• Preference services: daily‑updated TPS checks, CTPS and MPS screening to keep campaigns compliant
• Deceased suppression: screen and remove deceased records with clear reason codes and evidence files (Request info from our team: Contact Sagacity)

Quick Reference - Laws and Guidance Cited

• UK GDPR accuracy and accountability principles 
• Records of processing, audit and documentation 
• PECR rules for email, SMS, calls and telephone preference screening 
• Preference services and charity‑specific opt‑outs 
• Royal Mail data hygiene for gone‑aways, movers and deceased 

Ready to transform your data with the UK's leading data suppression tools?