We’re nearly 8 weeks into GDPR’s tenure as the new sheriff in town and thus far, the world hasn’t ended yet. Sure we may have seen a reduction in emails from Prince’s in far-away lands requesting our bank details so they can deposit huge sums of money into them catch free, or the local lawn mower supplier offering the latest sit on model at 40% off. But largely it’s been business as usual.
This is partly down to the fact that the majority of good businesses were already adhering to their own GDPR rules and standards around the protection of customer’s data. After all, the customer’s needs and privacy should always be paramount and at the forefront of any good business’s core objectives. As the newly implemented GDPR regulations were essentially a tightening of the existing Data Protection Act, this meant many data processor’s and controllers already had strict processes and workflows in place meaning the transition wasn’t as tumultuous as some predicted.
There has however been one noticeable change that was picked up on by a Royal Mail report last week. On the face of it, a drop of 6% in the volumes of addressed mail in the three months leading up to June 24th would suggest GDPR has negatively affected the mailing industry somewhat. Stats can tell us many things but often they lack context, and that’s key here. We know that by household, Direct Mail still elicits the best response rates when compared with email and other social channels. Yes, it’s the oldest of the media channels but it works and always has done if used under the right conditions.
The most likely cause for the 6% drop in mail volumes post GDPR is confusion and a lack of clarity surrounding the details of postal consent under the new regulations. To reference the ICO from earlier this year, the details around postal consent are quite clear:
You won’t need consent for postal marketing but you will need consent for some calls and for texts and emails under PECR.
Whilst there are obviously certain responsibilities around contacting customers and prospects by post, one particular area that may be applicable is the legitimate interest’s route:
Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.)
The other lawful bases for processing are:
a) Consent: the individual has given clear consent for you to process their personal data for a specific purpose.
(b) Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
(c) Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
(d) Vital interests: the processing is necessary to protect someone’s life.
(e) Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
To reference the ICO again, they offer the below advice on legitimate interest:
You may prefer to consider legitimate interests as your lawful basis if you wish to keep control over the processing and take responsibility for demonstrating that it is in line with people’s reasonable expectations and wouldn’t have an unwarranted impact on them.
It’s important to note here that it is the responsibility of your business to assess which lawful basis of consent applies to your campaigns and you should always act with the recipient’s best interests in mind.
GDPR compliance has been a lengthy process for many data processors and controllers but the new regulations have unquestionably been a welcome addition to our lives. At first what seemed a potentially negative change for many marketers, it’s clear that the stricter governance around the best interests of customers and data use is a positive step. It means we’re more focused on putting the customer first and encourages us to be more targeted with our marketing campaigns, which can only result in better response rates and enriched engagement.
As we bed in to the post GDPR climate and begin to better understand the regulations, I’m sure we will see direct mail rates climb to the levels seen pre GDPR. After all, there are few better mediums to engage with our customer and prospects.
Thanks for taking the time to read this blog piece on Direct Mail & GDPR, if you need any further info or would like to speak to us about your direct marketing campaigns, feel free to contact us on the office number: 0118 474 888 or at: firstname.lastname@example.org
Source: The ICO