This Europe-wide legislation, which governs email communications with private individuals, demands that companies only send unsolicited sales messages via email to non-customers if they have actively opted-in to receiving them.

In practice, this means that whenever someone's details are recorded - for instance, as part of a money-off promotion or a competition - they must be asked whether they want to receive subsequent sales marketing e-messages from that company or any other third party. The legislation makes it crystal clear that simply offering someone the opportunity to opt-out of receiving unsolicited emails (or indeed pre-ticking an opt-in box) does not comply with the Directive.

Firms that flout the law can be fined up to £5000 for each breach of the regulations.

Richard Fox warns that "companies that have not complied are putting their carefully built brands at risk by putting out the message to consumers that they apparently don't care about legislation designed to protect their prospective customers' privacy". He adds that "this effectively puts them in the category of junk emailers, associating them with a rising tide of spam and growing consumer concerns over the security of their personal records". Non-compliant companies urgently need to put processes in place to limit their current risk, says Fox. If not, he says, they could find themselves the subject of a highly public complaint, or a test case prosecution.

In addition, says Fox, there is a major forensic and clean-up job to be done on these companies' marketing databases. "In effect, each firm has to set up a proper fail-safe permissions section to its contact database to ensure compliance," says Fox. "This can be matched against commercially available opt-in databases to double check whether someone has given permission through another party to receive unsolicited email in the company's business category."

"Failure to observe these routines is, quite simply, breaking the law, and the situation will certainly catch up with organisations that do not now sit up and pay attention to the issue," he says. "Those who have not yet paid full attention to this issue need to do so with all speed, before enforcement test cases start to be launched, either by individuals or by the regulatory authorities, and before consumer lobby groups (and consumers themselves) blacklist them," adds Fox.