According to a recent survey by the DMA1, most businesses these days have at least a general awareness of the GDPR; only around 1 in 20 say they are unaware of the new European General Data Protection Regulation.
Moreover around seven in 10 – 71% say they are somewhat or extremely prepared for the changes – up from 49% recorded in an identical survey conducted in June 2016.
Clearly there are a lot of companies – particularly those who operate in the Business to Business (B2B) market – who have work to do.
MYTH: 81% of respondents think that direct mail will be a channel that will be affected by the GDPR
But the same survey states that there is still a lot of confusion about what the GDPR actually requires and its implications for the marketing activity. This is particularly true of how GDPR effects marketing using specific channels. For example, 81% of respondents think that direct mail will be a channel that will be affected by the GDPR – a figure second only to email (90%).
Before diving into the detail, let’s take one step back and make sure we are all on the same page about the GDPR.
What is the GDPR?
The General Data Protection Regulation is a new set of requirements for organisations in EU countries that hold and/or use personal information. It comes into effect in May 2018 – giving companies time to adapt to the new rules. Crucially, it will apply to companies in the UK, and indications are that long after Brexit, the UK will probably continue to apply it or something very similar.
It is a replacement to a 1998 regulation – the Data Protection Act – and is designed to both update the law to take into consideration new forms of data collection and manipulation, and to enhance the rights of consumers in regard to controlling the use of their personal information.
In the UK, the Information Commissioners Office is responsible for administering the GDPR. It is providing free guidance and advice on this on its website, as do the DMA.
Many of you will already be working to ensure your data activities comply with the new standards. And if you use data but haven’t started assessing what your particular company needs to do to be compliant, we strongly suggest that you start now. The danger of not being ready is significant: fines can be as much as 4% of global turnover, and the ICO has made it clear that they will be pursuing organisations of all sizes and types who break the law.
Over the coming year we at Royal Mail will be publishing a range of articles that can help you progress your marketing activities and results, as well as offering specific data services to be compliant.
However given the warnings of doom and gloom that are in the market – often from companies that are trying to sell GDPR compliance services – we wanted to address as clearly as possible some of the issues that seem to be confusing.
So let’s start with the impact of GDPR on sending direct mail to your customers.
Keep calm and carry on sending mail? In essence, yes.
The GDPR is fundamentally about how data is collected and used. The core principle – that consumers have the right to be in control of their personal information – covers all types of marketing activity.
Communicating to customers by mail – whether sending an account statement or a marketing promotion – is designated in law as being in the ‘legitimate interest’ of the company and customer.
This means you don’t have to go out and get their permission unless they have specifically asked to be removed from marketing communications.
You will still need to offer customers the opportunity to opt out of marketing mail, and will need to provide complete transparency about how you intend to use their information to fulfil both the letter and the spirit of the law.
The key thing to realise is that you can either continue – or start – to talk to customers by mail without any problem.
