At risk of sounding like a scratched record…General Data Protection Regulation (GDPR) comes into force on May 25th, 2018. At time of writing, that’s a mere 14 weeks away. It sets out to harmonise data protection laws across Europe and give citizens better control of their personal data, as well as imposing stringent rules on those who host and process this data anywhere in the world. The key principles are the rights of data subjects, security of personal data, lawfulness and consent, and accountability of compliance
There’s no shortage of information about how GDPR will affect companies with online databases, and the need for consent for telephone calls, emails and texts, for example, but what about postal marketing? How is that affected? Or is it affected at all?
Unravelling legitimate interest
In the Information Commissioner’s Office (ICO) explanatory material it states, ‘processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest,’ which could be read as, ‘carry on as before.’ Please note, in the first instance, that’s it’s talking about the processing of personal data, not the physical act of sending out a mailing through the post. So where does this ‘legitimate interest’ apply?
In a nutshell, legitimate interest is defined as the use of people’s data in ways they might reasonably expect, which will have minimal impact on their privacy. It involves a balancing act between the business interests of the organisation and the rights and freedoms of the individual. It’s important for you as a company to identify and document why you are processing personal data based on your legitimate interests, so you can show that it’s been carried out fairly and lawfully.
Compliance with the legislation for processing data for direct marketing still doesn’t necessarily mean that you’re free to send out material by post with no restrictions.
Sending direct mailing
In most cases, this requires you to:
- Collect, store, process and share the personal data required for the mailing (names, addresses etc.) within GPPR legislation
- Seek consent
But what if obtaining consent isn’t possible or practical? Where do you stand then? This is where legitimate interest could come in and it’s particularly relevant to charities (but not exclusively.) What if a charity wants to send out a mailshot to existing supporters informing them of upcoming events or updating them about successful projects? Here, it can reasonably be claimed that it’s in the interest of the recipients to receive the information and it doesn’t compromise their data privacy either.
As the ICO states, in answer to a recent question about mailing on behalf of charities without explicit consent (and, again, note that it will apply more generally too): ‘You can rely on legitimate interests for marketing activities if you can show how you use people’s data is proportionate, has a minimal privacy impact, and people would not be surprised or likely to object.’
SO, good news for the print and direct marketing sectors!
We all know how effective direct mail can be. You can make plans for your direct mailing initiatives without panicking about explicit consent, as long as your data processing meets the GDPR regulations and you can demonstrate the potential benefits to the end consumer. We’re ready and waiting for your call. We’re here to help, contact us on 01825 983033 or email us on email@example.com