What are the UK preference services and who runs them?
There are four UK-wide suppression registers that direct marketers need to know about. Three are administered by the Direct Marketing Association (DMA) on behalf of the relevant regulator or industry body. The fourth (FPS) sits alongside them.
The Telephone Preference Service (TPS) is the most consequential. It allows any UK consumer to register a personal or household telephone number, including a mobile, to signal that they do not want unsolicited live marketing calls. Ofcom mandates the service under the Communications Act 2003, and the Privacy and Electronic Communications Regulations 2003 (PECR) make it a legal obligation to screen against it. The register is administered day-to-day by the DMA. As of 2025, over 20 million numbers are registered.
The Corporate Telephone Preference Service (CTPS) mirrors TPS but for corporate subscribers. Partnerships, limited liability partnerships (LLPs), and bodies incorporated by statute (NHS trusts, housing associations, local authorities) can register their telephone numbers. Sole traders, who legally count as individuals rather than corporate bodies, register under standard TPS.
The Mailing Preference Service (MPS) covers consumer postal addresses. Individuals register to opt out of unsolicited advertising mail from organisations that are not already known to them. Unlike TPS, MPS does not sit in primary legislation; it is a DMA industry scheme. That matters for how you approach it legally.
The Fax Preference Service (FPS) covers unsolicited marketing faxes, both to individuals and to corporate bodies. PECR Regulation 20 makes it unlawful to send unsolicited marketing faxes to an individual registered on the FPS. It is worth knowing the FPS exists, even if most UK marketing operations no longer use fax at all.
What legal force does each register carry?
TPS and PECR Regulation 21
Under PECR Regulation 21, an organisation must not use a publicly available electronic communications service to make unsolicited calls for the purposes of direct marketing where the called party has registered with the TPS or has directly told the caller they do not want calls. There is no balancing test to apply and no legitimate-interests defence available. The obligation is absolute unless the individual has given prior consent to receive calls from that specific organisation.
That prior consent carve-out is narrower than many marketers assume. It must be freely given, specific, informed, and unambiguous. A consumer who bought from you three years ago and has not heard from you since has not given consent in any meaningful sense, even if they ticked a box at that time. For consumer telephone campaigns drawn from purchased data, assume TPS applies to every number until you have documented evidence to the contrary.
The Information Commissioner's Office (ICO) enforces PECR and can issue fines up to £500,000 for serious or repeated breaches. In practice, most enforcement actions against telemarketing companies involve a combination of calling TPS-registered numbers and failing to honour "do not call" requests from individuals who were reached. The ICO publishes enforcement notices on its website; reviewing recent cases from the past two years gives a clear picture of what gets investigated.
CTPS: the same legal basis, narrower scope
CTPS carries the same statutory weight as TPS under PECR. The difference is scope. A limited company registered at Companies House is not a natural person and is not protected by PECR in the same way consumers are; you can call a limited company's mainline number without CTPS being in play. Partnerships and LLPs, by contrast, have individual partners or members who are natural persons, and CTPS registration gives those entities protection.
For a typical B2B campaign targeting Finance Directors at mid-market UK businesses, most targets will be at limited companies and CTPS will not be triggered. But the moment your campaign touches partnerships (accountancy firms, solicitors, architects, GP practices structured as partnerships), you need to screen against CTPS. Sole traders in your file register under TPS, not CTPS, because legally they are individuals.
In practice, responsible data suppliers and list owners wash B2B telephone files against both TPS and CTPS by default. If you are running a campaign involving any entity type other than pure limited companies, confirm your supplier has applied both washes.
MPS: industry code rather than statute
The MPS operates under the DMA Code rather than under PECR or UK GDPR directly. There is no equivalent of Regulation 21 for postal marketing, which means calling a registered MPS address is not automatically a criminal or civil PECR breach.
The regulatory risk is indirect but real. The ICO's direct marketing guidance says that sending unsolicited mail to people who have registered with a preference service is likely to constitute unfair or opaque processing under UK GDPR Article 5(1)(a). If a complaint reaches the ICO and the sender cannot demonstrate they screened against MPS, the ICO will take a dim view of the accountability and transparency argument. For DMA member organisations, non-compliance is also a breach of the DMA Code, with potential loss of membership.
The practical takeaway: washing a consumer postal campaign against MPS costs very little, removes the loudest objectors from your list, and is consistent with what the ICO expects to see. Skip it only if you have a specific reason to believe every address on the file has given consent to you personally for postal contact.
UK suppression registers at a glance
| Register | Channel | Who it covers | Legal basis | Operator | Wash frequency |
|---|---|---|---|---|---|
| TPS | Telephone (live calls) | Consumers (individuals, households, sole traders) | PECR Regulation 21 (statutory) | DMA on behalf of Ofcom | At least every 28 days |
| CTPS | Telephone (live calls) | Corporate bodies: partnerships, LLPs, statutory bodies (not Ltd companies) | PECR Regulation 21 (statutory) | DMA on behalf of Ofcom | At least every 28 days |
| MPS | Postal (direct mail) | Consumers at a UK postal address | DMA Code (industry self-regulatory); ICO expects compliance under UK GDPR | DMA | Before each campaign; no fixed statutory interval |
| FPS | Fax | Individuals and corporate bodies | PECR Regulation 20 (statutory) | DMA | Before each campaign |
How often do you need to wash? The 28-day rule explained
For TPS and CTPS, the ICO expects lists to be washed at least every 28 days. The reason is mechanical: PECR gives a new TPS registration up to 28 days to take effect, so a number that was clean on 1 May may be registered by 29 May. Washing once at the point of list purchase and then using that list for the next six months is one of the most common compliance failures the ICO sees in telemarketing investigations.
A practical process for a quarterly outbound calling campaign might look like this:
- Receive washed file from data supplier at point of delivery.
- Re-wash against live TPS/CTPS immediately before the first calling week.
- If the campaign runs for more than 28 days, re-wash before any calling activity that falls outside the initial 28-day window.
- Log each wash date and the number of numbers suppressed, in case of an ICO enquiry.
Keep that log. If the ICO investigates a complaint, the first thing they will ask for is evidence that you washed, and when. "We asked the data supplier to wash it" without documentary evidence will not satisfy a formal information notice.
What about door drops and Royal Mail opt-outs?
Consumers can also register with Royal Mail's door-drop opt-out scheme, which is separate from MPS. MPS covers addressed mail (mail with a named recipient or household). Royal Mail's opt-out covers unaddressed door drops. A consumer who registers with MPS but not the Royal Mail scheme will still receive leaflets and unaddressed flyers; one who registers with Royal Mail but not MPS will still receive addressed direct mail.
If your campaign uses both addressed mail and unaddressed door drops, you need to screen against both MPS and the Royal Mail opt-out list. Treat them as separate suppression files rather than interchangeable substitutes.
Supplier responsibilities versus sender responsibilities
This is where disputes most often arise. A data supplier will generally wash a delivered telephone file against TPS and CTPS at the point of extraction. That wash has a timestamp. The moment you receive the file, your clock starts: after 28 days, you are responsible for re-washing before any further calling activity.
Responsibility under PECR sits with the "instigator" of the marketing call, which in practice means the brand whose products are being promoted. If you hire an outbound call centre to run calls on your behalf, you as the client remain the data controller and carry the PECR obligation. The call centre may be a joint data controller or a data processor depending on the arrangement, but that does not transfer your legal exposure to them.
The contract with your data supplier should specify: (a) the date on which the TPS wash was applied, (b) the version of the TPS/CTPS register used, and (c) a clause requiring the buyer to re-wash before campaign use. Reputable UK data suppliers include these terms as standard. If a contract does not mention suppression at all, that is a red flag worth raising before you pay.
Our view, based on handling B2B and B2C data for UK marketers, is that a supplier who washes only on delivery and claims that covers ongoing use for the life of the licence is giving you incorrect advice. Wash again before every campaign period. It costs a small access fee and takes a few hours; an ICO enforcement notice costs orders of magnitude more.
ICO enforcement: what actually gets you investigated
The ICO publishes its enforcement actions, and the TPS-related cases follow a recognisable pattern. The majority involve:
- Call centres making very high volumes of calls (tens of thousands per week) with no TPS screening at all.
- Organisations that washed once, years ago, and have been calling the same list since.
- Companies that screened against TPS but ignored in-call "do not call" requests, effectively continuing to call known objectors.
- Lead-generation businesses that called TPS-registered numbers to sell leads to third parties, treating PECR as someone else's problem.
Lower-volume B2B operations rarely face enforcement action for TPS issues provided they have a reasonable wash process in place. The risk rises sharply once campaign volumes exceed a few hundred calls per week, or if individual complaints to the ICO start to accumulate.
For context: in 2023, the ICO fined a double-glazing company £130,000 for making 107,000 calls to TPS-registered numbers. A claims-management firm received a £200,000 fine in 2024 for similar conduct. These are not headline-grabbing sums compared to UK GDPR Article 83 fines, but they are significant for the mid-market and SME companies most likely to be running outbound telephone campaigns.
It is also worth understanding how complaints reach the ICO. The TPS itself does not enforce; it logs complaints and passes aggregated reports to Ofcom and the ICO. A single complaint rarely triggers an investigation. But ten or twenty complaints against the same organisation in a short period will. Sustained consumer-facing calling campaigns carry real exposure if the calling process is not clean.
Automated calls: a stricter rule
PECR Regulation 19 covers automated marketing calls (recorded messages without a live agent). These require prior explicit consent regardless of TPS status; registering with TPS is not a complete defence, and neither is the absence of a TPS registration. Automated calling without consent is treated more seriously than live calls to TPS-registered numbers, and has attracted some of the larger ICO fines in the direct marketing space.
Suppression washing when buying data: who does what
When you buy a telephone contact list from a UK data supplier, the standard expectation is that the file has been washed against the current TPS/CTPS register at the point of delivery. For consumer postal files, a responsible supplier will also apply an MPS wash. Ask for the wash date in writing; it should appear on the delivery note or data specification sheet.
Where buyers sometimes get caught out is on the B2B side. Because CTPS covers only certain corporate entity types, some suppliers apply only a TPS wash to B2B files and leave CTPS to the buyer. If your campaign touches partnerships, LLPs, or public-sector organisations with registered numbers, check explicitly whether CTPS suppression was applied.
Understanding how PECR applies across different marketing channels helps you match the right suppression check to the right channel before briefing a data supplier. Getting the channel-level obligation wrong is where most compliance gaps originate.
For B2B campaigns using legitimate interests as the lawful basis, TPS/CTPS washing is a separate obligation from the UK GDPR lawful basis question. You can have a sound LIA in place and still breach PECR if you call a sole trader who has registered their number with TPS. The two regimes run in parallel. See our guide to consent versus legitimate interests for B2B prospecting for how the two frameworks interact.