With it being the five-year anniversary of GDPR regulations being put into effect, we thought it appropriate to discuss how the reform of GDPR legislation isn’t as complex as it might seem; we’re here to help break it down for you.
In May 2018, the General Data Protection Regulation (GDPR) became a reality. GDPR set out to harmonise all data privacy laws across Europe, reshaping the way organisations at all levels, across different regions, approach data privacy.
“There is so much noise around GDPR now that it is not unusual to hear of data breaches from big, known brands,” said J Cromack, chief growth officer, Edit, and DataIQ privacy and trust champion 2020. “This can be catastrophic for the business, not only because the fine could be significant, but they will suffer reputational damage to their brand too.”
Cromack continued, “I have always said that you should never sell GDPR compliance services based on risk and fear, it needs to be based on doing the right thing by the consumer. It is the right thing because, unfortunately, there are bad actors out there who want to get hold of your data and – because we now live in a digital world – it is much easier for these people to effectively create a digital twin in order to ‘become’ you.”
In the world of data, GDPR is crucial. It’s the understanding, enacting, and following of these regulations that show our ethics. For a brand, it may seem as though the consumer clicking a consent box is data ethics being handled.
Here are a few reasons why direct mail can be considered acceptable under GDPR:
- Legitimate Interest: One of the lawful bases for processing personal data under the GDPR is the legitimate interest of the data controller or a third party. Direct mail can be justified as a legitimate interest if it is relevant to the recipient and if their rights and freedoms do not override this interest. However, it’s important to conduct a legitimate interest assessment (LIA) to ensure that the legitimate interest is balanced and justified.
- Consent: Another lawful basis for processing personal data is obtaining the individual’s consent. If the recipient has given their explicit consent to receive direct mail, it can be considered acceptable under the GDPR. Consent should be freely given, specific, informed, and unambiguous, and individuals must have the option to withdraw their consent at any time.
- Data Minimisation: The GDPR requires that personal data collected should be adequate, relevant, and limited to what is necessary for the purpose of processing. When using direct mail, it’s important to ensure that only the necessary personal data is used, and that the data processing is proportionate to the purpose of customer recruitment.
- Transparency and Privacy Notices: Organisations using direct mail for customer recruitment must provide clear and transparent information about the processing of personal data. Privacy notices should be provided to individuals, explaining how their data will be used, the purposes of the processing, and their rights regarding their personal data.
However, the process of analysing, cleansing, and manipulating data (which all fall under the GDPR practices) is far more complicated than that, and it’s probably not even considered by the consumer. This is where WE come into play.
With direct mail, we use data to reach individuals in their home via personalised mail. This typically includes name, address, and contact information. Whilst this is a niche means of targeting, direct mail really can be a awesome means of media for you campaign – here’s a few reasons why:
Cost – By being able to see who is legitimately interested in receiving a piece of direct mail, we can narrow the number of mailings down to an accurate amount. Meaning any mail that’s sent out, is more likely be read and engaged with. So, there’s no excess spend trying to reach ‘potential’ customers who will likely ignore it. This not only allows us to utilise client budget well, but it also reduces waste too.
Personable – When we utilise data well, we can make our mail to customers more personal, which allows the creative to appear less sales-orientated and provide an element of exclusivity. The potential to offer discounts to customers based on their loyalty also becomes a feasible option. Their legitimate interest can reward both parties, the consumer and the brand.
Compliant – Under the General Data Protection Regulation (GDPR), direct mail can still be used as a customer recruitment channel if it is done in compliance with the GDPR’s principles and requirements. While the GDPR imposes strict rules on the processing of personal data, it does not explicitly prohibit the use of direct mail for customer recruitment.
It’s crucial to note that these points provide a general overview and that specific legal advice should be sought to ensure compliance with the GDPR and any relevant data protection regulations in your jurisdiction.
At Join the Dots, we make a conscious effort to regularly check such regulations and ensure any direct mail campaigns we are planning are effective and compliant.