All You Need to Know About GDPR for Print and Direct Mail
It’s time we talked about GDPR and why it’s so important in the print and direct mail industry right now.
First of all, let’s dissect what the GDPR actually is: GDPR stands for the General Data Protection Regulation and it is designed to revamp and update the existing Data Protection Directive.
Simply put, the GDPR looks to simplify, update and ultimately, protect your personal data. It's a new law that's been introduced in 2018 and has some marketers running scared.
Why Do We Have the GDPR?
Well, without it, your data would have no protection, people could technically do whatever they wanted with it and that’s seriously dangerous.
There are two very important reasons why we have the GDPR and they are:
1. It shows how data is being used and ensures that it’s not being misused, sold or given to untrustworthy organisations
- Global firms such as Google, Amazon, Facebook and YouTube offer their services for free, as long as people offer their data in return. This, in the wrong hands, can prove fatally dangerous. Facebook in 2016 was condemned for harvesting 50 million Facebook profiles to influence the 2016 election.
What has this got to do with my data? Well, simply put, the Internet and the cloud allowed these organisations to invent several methods to abuse people’s data for their own personal and commercial gain. GDPR aims to put a stop to this and ensure people’s data is being used in the right ways.
2. The EU wants to grant organisations more clarity over the legal environment they are operating in
- Basically, this is a ‘good behaviour’ policy. By making data protection law identical throughout member states, it should (in theory) save companies over £2.3 billion every year. Additionally, companies that fail to demonstrate appropriate IT security could face heavy fines.
When Does the GDPR Come into Play?
From May 25th 2018, the GDPR will take effect across EU member states. This isn’t a directive, it’s a regulation - that means we (the UK) don’t need to worry about a new legislation because it will apply automatically.
If you didn’t already know, the GDPR actually came into force on the 24th May 2016. However, it’s taken this long for everyone who’s part of the EU to agree with the final draft and undertake the necessary changes, steps, precautions etc.
So, you better be prepared!
Are people acting on the GDPR?
Strangely enough, there are some people that aren’t in much of a rush to shape their practices to match the GDPR guidelines. In fact, only 43% are actively looking to change their company policies to stay in line with the data protection legislation. While the majority of the 43% are US based, if they handle or deal with a firm inside the EU, they would still be hit by the GDPR.
Stranger yet, nearly a third of them claimed that they wouldn’t be preparing for the new guidelines and 28% admitted they weren’t really paying attention to what their company (or the company they work for) might be doing to prepare for it.
So, when can I process data under the GDPR?
As soon as it comes into effect, the controllers will ensure your data is processed lawfully and ethically. Once this has been completed and the data is no longer required, it should be deleted immediately.
What counts as ‘personal data?’
Essentially, anything that is counted as personal data under the DPA (Data Protection Act) is also classed as personal data under the GDPR. Your IP address(es) now qualify as personal data!
How is the GDPR Going to Affect Direct Mail?
The internet is littered with information about the GDPR, in fact, it’s almost impossible to avoid! But what about direct mail? How will it be affected? And where do you even begin?
Let’s start by talking about legitimate interest
The direct mail industry will be able to use legitimate interests under the new GDPR guidelines to contact consumers via post.
Legitimate interest, what is it? Well, it looks at using people’s personal data sensibly, in a way they would reasonably expect and in a way that wouldn’t interfere with their privacy.
This is particularly important regarding direct mail because while it remains an opt-out media (you can always cancel or be removed from a mailing list), where consent isn’t required, legitimate interest could still be argued. For instance, legitimate interest isn’t talking about the physical act of sending out mail through the post, it’s talking about the processing of the personal data behind it.
So, where does legitimate interest apply?
Legitimate interest works by balancing the interest of the data controllers (those who state how and why personal data is processed) and the data subjects (you, the customer). It’s also imperative that all companies identify and document why they are processing personal data based on your legitimate interests. It’s just a case of being ethical.
Sending your mail under the GDPR
There are two major factors that every company will need to abide by:
- Ensure the data required for mailing (addresses, contact names etc.) is correct
- Ensure you have consent
If, however, you find that gaining consent isn’t possible or even practical, this is where legitimate interest comes in! It’s particularly relevant to charities because if they’re looking to promote or raise awareness for their campaign, it can be ethically and reasonably claimed that it’s in the interest of the recipients to receive information that doesn’t affect their privacy.
In a nutshell, you’re going to want to do everything to make the people at the ICO happy and dodge their nasty fines. Here are a further 5 factors you might want to bear in mind:
- Clearly outline the benefit of what you're posting through people’s mailboxes.
- Make sure you’ve done your customer research and you’re targeting people who genuinely might be interested in your product or service.
- Make ‘opting out’ as easy as possible.
- Do not include those who have opted out in future campaigns – unless you enjoy getting fined.
The ICO has their own answer to those who are worried that they’re trifling with the legitimate interest factor (when it doesn’t concern charities, for example):
‘You can rely on legitimate interests for marketing activities if you can show how you use people’s data is proportionate, has a minimal privacy impact, and people would not be surprised or likely to object.’
This is great news for print and direct mail!
Everyone knows how effective direct mail can be when it’s in the right hands. Even with the GDPR coming into play this month, you need not fret about explicit consent, just so long as your data processing meets the GDPR regulations and you can prove that the benefits will be of legitimate interest to your customers.
We understand that the GDPR can be confusing to some people and that’s why we’re here to help. if you’re looking to begin a campaign, or simply want to know more about how the GDPR might affect your future direct mailing ideas, drop us a quick email or call!
Want an introduction to direct mail?
The best way to start on successful direct mailing is by having a chat with a creative and experienced direct mail company. Direct mailing isn’t as complex as you might think and even if you’re unsure of what exactly you want to achieve, that’s fine by us! We’re here to help and guide you through your aims, starting from page one.
Written by Kristian Harrison, General Manager at The Mailing People. Kristian is an industry professional with over 20 years experience in Direct Mail and Fulfilment.