Direct marketing in Belgium: the DPA broadens its definition — what SMEs must adjust

On 28 April 2026, the Belgian Data Protection Authority (DPA) published its updated Recommendation No. 1/2025 on direct marketing. For any Belgian SME that prospects or sends campaigns, a few points are worth a quick review.

1. A (much) broader definition

The DPA now treats as “direct marketing” any promotional communication — solicited or not, through any channel — whether it targets a person in a private or professional capacity. The consequence is direct: B2B no longer automatically escapes the rules. Your campaigns to professional contacts are in scope.

2. The legal basis is still the heart of it

As soon as an electronic channel is used (email, SMS), the ePrivacy Directive joins the GDPR and narrows your options. Good news for existing customers: if the address was obtained during a sale and unsubscribing is simple and systematic, no additional consent is required (the “soft opt-in” principle).

3. The signal sent to adtech

The DPA held IAB Europe responsible for a consent mechanism (the Transparency & Consent Framework) found non-compliant with the GDPR, with a €250,000 fine. The message for advertisers: a poorly designed consent banner is not a cosmetic detail — it creates real exposure.

4. What's coming at EU level

The “Digital Omnibus”, presented by the Commission in November 2025, aims to simplify the rules on cookies and consent, to reduce “consent fatigue” and the proliferation of banners. The rules will shift over the coming months: a good moment to clean up your practices rather than pile on patches.

The AI lens — humans first

Compliance lends itself well to automation: an AI assistant can monitor your consent forms, flag a missing unsubscribe link, or triage opt-out requests at scale. But AI executes — it does not decide. Interpreting a DPA recommendation, weighing legal basis against business goals, remains the role of an expert. That is our stance: humans first, AI in support.