gdpr and direct mail

GDPR and Direct Mail | All Your Questions Answered

In Updates by Apex Direct Mail

After its implementation in 2018, GDPR has had an impact on all aspects of marketing for businesses in Europe. In this article we are going to be looking at GDPR and direct mail, answering all your questions as well as showing you how to ensure that your next direct mail campaign is GDPR compliant.

What is GDPR?

GDPR stands for General Data Protection Regulation. It is the core of Europe’s digital privacy legislation. Under the terms of GDPR, organisations have to ensure that personal data is gathered legally and under certain conditions.

How is Direct Mail Affected By GDPR?

GDPR relates the storage of people’s personal information, this includes certain information that is utilised in direct mail campaigns. Personal information involved in direct mail campaigns includes:

  • Personal Address
  • Work Address
  • First and Last Name
  • Dynamic Personalised Information (such as if sending a birthday card, or including unique personal information in the mailing itself)

Do You Need Consent To Send Direct Mail Under GDPR?

Unlike with email marketing where the customer has to ‘opt in’, with direct mail businesses can organise mailing lists on the basis of ‘legitimate interest’.

Legitimate interest is when an organisation uses personal information in a way which is to be reasonably expected. Such as if a customer has purchased your product/services before, you might reasonably expect that they might want to again.

If your direct mail target is not an existing customer, you must ensure that they are someone who you can justify would benefit from your promotion. This relies on you making a reasonable judgement yourself, since there is no explicit definition under GDPR.

You should also make it easy for people to be removed from mailing lists if they wish.

Your Responsibility to Remain GDPR Compliant

By removing the need for obtaining consent to send direct mail, the customer is not responsible for the use of their data – you are. This means it is your job to show that you are using it in a reasonable way and that you have considered the customers interests.

When determining legitimate interest, it is your responsibility to show that you have considered the balance of data privacy and the interest of your contacts. Make sure that you can explain the benefits of the mailing and that you aren’t unnecessarily processing data (in reference to race, religion, sexuality) if it is not needed.

You should also make it easy for people to be removed from mailing lists if they wish.

To protect yourself from breaking GDPR rules when it comes to direct mail, you must be able to:

  • Justify the grounds of legitimate interest between you and your customers
  • Explain the purpose of processing and using personal data
  • Demonstrate the necessity for data processing

To demonstrate that you are doing all of the above, you could include the following points in your company’s privacy policy:

  • Your contact and company details
  • The way you store candidate information
  • How long you intend on storing the data
  • What rights a candidate has over their data
  • How a candidate can request to delete their data

The above information must all be easily accessible.

Outsource Your Direct Mail

Outsourcing your direct mail campaign is one easy way to ensure that your company remains GDPR compliant. We are specialists in direct mail and data processing, meaning that we can handle any GDPR issues or concerns that you may have. We can also enhance your campaign, delivering fantastic response rates & engagement.

We stay ahead of the curve, so with Apex Direct Mail, you can be confident that your business’ direct mail marketing efforts will all be in line with the latest regulations. To get in touch today, call us on 01252 333500.