Happy New GDPR Year!

Maybe the mere mention of GDPR at the beginning of January, when you’ve just got back into work after a festive couple of weeks is something you think you need like a hole in the head. Maybe this wasn’t top of your New Year’s Resolutions list—Make sure we are GDPR compliant before 25th May.

However, the thing to remember is that this new law is for our benefit and the benefit of all our clients, customers and associates. It promises enhanced rights for citizens, greater transparency and increased accountability. How can anyone say that’s not a good thing?

Another thing to remember is that if you’ve kept your data protection up to speed in recent years, the changes you’ll have to make aren’t that massive anyway.

Bust those GDPR myths…

There’s a whole lot of information out there, and misinformation—some of which is a result of several revisions of GDPR, so that some legislation, originally proposed, has not been ratified and will not apply. Here are five of the most common myths which are doing the rounds—entertaining to read about, but not true, or at least, reality heavily embroidered for effect.

Myth # 1 – Massive fines will ensue if your company isn’t compliant

The fact of the matter is that fines could be bigger—£17 million or 4% of turnover is the new maximum—but according to the Information Commissioner’s Office (ICO), this will not become the norm. Minor infringements in the early stages of implementation will not be stamped on and the ICO’s commitment is to guidance and education rather than punishment. ‘Issuing fines has always been, and will continue to be, a last resort,’ says Elizabeth Denham, UK Information Commissioner. While there is no intention of allowing breaches to pass by unnoticed, there are warnings, reprimands and corrective orders in the ICO toolbox before they bring out the mighty sledgehammer of punitive fines.

Myth # 2 – Now that Brexit is going ahead, GDPR rules won’t apply to the UK

Apparently 1 in 4 UK businesses have stopped preparing for GDPR compliance, thinking it won’t apply to them if and when the UK leaves the EU, which is forecast to happen in March 2019. Well, for a start, GDPR enforcement begins 10 months before Brexit is predicted to happen. In addition, the government has issued a statement of intent to instigate a new Data Protection Bill, which will implement GDPR in full.

Myth # 3 – Our company is based in America so GDPR doesn’t count

But…do you offer goods and services to companies or individuals in the UK and the whole of the EU —either resident or visitor—or anyone from Britain or the EU living in a non-EU country? Many companies from across the globe may have offices overseas. If you have to process data from UK/EU citizens or visitors to Europe, including the UK, then, yes, GDPR applies to you.

Myth # 4 – My company data is stored with a cloud service provider, so it’s their responsibility to be compliant, not mine

Wrong – for the most part. You have a high duty of care to anyone for whom you store personal data and, to that end, it’s your responsibility to choose a reputable service provider to hold that sensitive information. You will be held responsible for GDPR compliance relating to your database – though service providers must comply with GDPR requirements too.

Myth # 5 – GDPR doesn’t apply in retrospect, so personal data we already have on our database isn’t subject to GDPR rules.

GDPR rules will apply regardless of when you collected the data—as long as that data is associated with a living person who was in the UK or the EU at the time. As an example, if you have contact information from prospective customers (B2C or B2B) gathered before 25th May 2018, this data must be compliant with GDPR.


Don’t believe everything you read in the media! And always err on the side of caution when it comes to data compliance. Remember that’s both B2C and B2B. If you are struggling with the finer details, at Mailing Expert we’ll be happy to talk you through them.


Mailing Expert

GDPR – sorting the fact from the fiction


Always Look on the Bright Side of GDPR!

We’ve been talking about it for a while now, but if you’ve been on an extended trip to Outer Mongolia, you might have missed the news that on 25th May 2018, the UK’s current Data Protection Act 1998 (DPA), will be replaced by the new EU General Data Protection Regulation (GDPR).

‘What?’ we hear you saying, ‘We thought we were leaving the EU.’ Well, regardless of what happens with Brexit, the GDPR will be taken on in this country as part of the overall data protection framework—a new Data Protection Bill. It will become law.

Whatever your company situation, now’s the time to review your data protection processes. Quite honestly, it would be madness not to.

GDPR rules OK

Whenever there’s new legislation decreed from above by the faceless minions of Her Majesty’s Government, or, indeed, European bureaucrats, it’s all too easy to fall into grouching and griping about your increased workload and all those documents that must be read, marked, learnt and inwardly digested. But consider this…what if GDPR is the best idea since sliced bread? And there’s us, spending all our time looking for the problems and worrying about piggy-bank-busting fines instead of thinking about the opportunities for B2B and B2C marketing.

Don’t worry, be data happy

The GDPR is not a hindrance to your business, it’s a help. It’s been created to make it easier for you to cater for the needs of your customers and to minimise possible data loss and data breach incidents. Working together, we can build universal best practice

protocols to enhance the way we manage information—and that benefits everyone – except, perhaps, cyber criminals and who wants to benefit them?

The big spring clean

Individuals will need to opt in to receive marketing communications, so for you as a business, this may mean a drastic culling of your database. Surely this is not such a bad thing? What a waste of time sending stuff to people who don’t want to receive it. If they’ve opted in, they’ll be engaged and your click through rate will be higher, without a shadow of a doubt.

Building trust

With the level of transparency that GDPR will surely bring, customers will be less fearful that their personal information will be misused. Not to mention the fact that data breaches are less likely and, therefore, so is the bad PR for your company, which would inevitably be part of the fallout.

Your brand will benefit from that feeling of trust, and, what’s more, customers will then feel confident that they could share more personal data—which will help you to be accurate in your marketing strategy.

Embrace GDPR

That’s what we’re doing at Mailing Expert and we’re happy to support you in doing exactly the same thing for your business. In the well-chosen words of Frank Sinatra, which you could sing out loud if you wish: ‘Accentuate the positive, eliminate the negative.’

For more information, don’t hesitate to call us at 01825 983033 or send us an email on info@mailingexpert.co.uk.

Mailing Expert

Time to Spring Clean your Data?

For any direct marketing campaign you need data – people’s names and contact details – and for an effective, cost-effective initiative, the data you use must be accurate.

Out-of-date data – does it matter that much?

A great big YES in answer to that question, for a number of (quite obvious) reasons:

Using inaccurate contact details, you may:

·        Waste your time and money

·        Miss important potential clients

·        Damage your company’s reputation

·        Breach compliance with the Data Protection Act (soon to be GDPR)

·        Annoy people for whom the mailing is irrelevant

·        Distress relatives of the bereaved

Some facts about data decay

Just because you’ve lived in the same house for the last 15 years and your place of work has been at the same address since the beginning of time, it doesn’t mean that everyone else is in the same position.

According to research,[1] each year around 13% of people in the UK will move home; 300,000 will marry or have a civil ceremony, meaning they may change their surname; 600,000 will die; 200,000 will emigrate and hundreds of thousands may move to the UK.

Every year, the Royal Mail has to make about 1.25 million address changes to its Postcode Address File (PAF) – that’s more than 3000 a week. The PAF gives us access to over 29 million residential and business addresses (at the last count.)

It’s said that if you communicate with someone, there’s an alarming 20% chance that their contact information will change in some way within 30 days, and, in 5 years, if you do nothing to clean your data, you may have nothing relevant left at all in your database.

When was the last time you cleaned your data, or had it cleaned?

How we can help at Mailing Expert

We can offer you a full range of data cleaning services – which doesn’t ever involve the use of spray polish or feather dusters, by the way!

Or we can offer an audit, which determines what you need. We can hone and refine the data you wish to use for a marketing campaign to get it in the best possible shape to maximise its value. Here’s what we’d recommend:

1.     Screen against the PAF database

2.     De-duplicate – removing any records which are essentially the same

3.     ‘Goneaway’ (people who’ve moved) and bereavement screening

4.     Check against the Mailing Preference Services register – people who’ve said they don’t want to receive mailings.

Doing this will make sure you make the most of savings available of postage as well as reducing the impact of negative publicity arising from incorrectly sent mail.

Contact us for a chat on 01825 983033 or info@mailingexpert.co.uk about your data needs.


Mailing Expert

[1] Mycustomer.com

What’s Happening on 25th May 2018?

  • It’s Julian Clary’s 58th birthday
  • It’s 41 years since Star Wars was released
  • GDPR replaces the current DPA

Cause for celebration all round? Maybe – but certainly, cause for preparation – and we don’t mean saving up to buy Julian Clary’s dog a diamante collar.

So – there’s less than a year to go and it makes absolute business sense to Be Prepared, exactly as the scout motto says. Don’t subscribe to lastminute.com; you’ll only regret it.

And what does GDPR stand for? General Data Protection Regulation, which replaces the Data Protection Act (DPA).

See here for the blog we wrote earlier which explains its evolution.

In brief, the GDPR concerns the rights people have over their personal data*. The DPA has become outdated since technology has progressed so rapidly in the past few years and so much business is carried out online. The new regulations aim to streamline data protection across Europe so that, no matter which country you trade with, or in which country your data is held, there’s consistency in the way data is handled. Helpful for businesses. Reassuring for individuals.

By the way, the fact that we are in the process of leaving the EU makes no difference because the GDPR applies to every business which holds or processes the data of EU citizens. If we want to trade in Europe then we will be obliged to show that UK standards are equivalent to the EU’s GDPR framework. Additionally, GDPR will become mandatory in the UK so even if you don’t trade overseas, it will apply to you.

There’s plenty to be getting on with in the meantime, meticulously outlined by the Information Commissioner’s Office (ICO). Here are five things you could put on your To Do List in the next few weeks. We’ll suggest more in subsequent blogs about GDPR.

  1. Appoint a data protection officer – crucial. It’s vital that someone takes the lead in this matter, otherwise there’s a danger it will be lost in the piles of other policies every company has to deal with. And, that someone should report to a board member or ideally be a board member.
  2. Raise awareness you may know about the impending change in regulations but do all the key decision-makers in your company?
  3. Organise an information auditunless you know the current personal data situation in your company (Whose data? Where from? How shared? To whom?) how can you possibly plan for the future?
  4. Check procedures – do they cover the new rights individuals will have?
  5. Plan timetable to amend privacy notices – make sure they will meet the new requirements in plenty of time for GDPR.

At Mailing Expert, we’re ahead of the game. Why not join us? Together we can make this happen.


Mailing Expert


* personal data is not only an individual’s name & address it is anything that identifies an individual from other information, including physical characteristics, pseudonyms, occupation, address, email et cetera or a combination of identification elements; that means business contacts too.