Black Friday is one of the biggest shopping events of the year, and tomorrow marks the start of the sales frenzy. While everyone loves a good deal, businesses must ensure they comply with UK legal obligations to avoid regulatory action and reputational damage. Below are two critical areas to focus on: data protection and consumer protection.
Retailers often boost sales through targeted email campaigns and personalised shopping experiences using cookies. However, businesses must protect customer privacy and comply with UK GDPR and the Privacy and Electronic Communications Regulations (PECR). Failure to do so can result in fines of up to £17.5 million or 4% of global turnover.
Explicit opt-in consent is required before sending marketing emails, texts, or messages. Consent must be clear, specific, and easy to withdraw—not hidden in the terms and conditions.
Retailers can market similar products to existing customers, provided that an opt-out option is offered at the point of sale and in all future communications, such as through an unsubscribe link.
The Competition and Markets Authority (CMA) is the UK’s principal competition and consumer protection authority. Businesses must avoid misleading urgency claims or price reduction tactics that put unfair pressure on consumers.
Offering a 30% discount as a time-limited deal, then repeating it soon after, is misleading. Sellers must not claim a discount is time-limited while continuing to offer it or use checkout timers without real expiration dates.
When advertising a price as promotional, it must be available for a shorter duration than the regular price. If the promotional price lasts as long as, or longer than, the regular price, it should not be promoted as a special offer and must be considered the usual selling price instead.
Need advice? Reach out to our Head of Corporate and Commercial Law, Andrew Gordon.
ECCTA Identity Verification: What Changed? From 18 November 2025, ECCTA will introduce mandatory identity verification…