GDPR & Direct Mail?

Get started

Does GDPR prevent you sending Direct Mail?

Absolutely not; you can legitimately and legally contact customers and prospects with targeted Direct Mail.

Article 6 of the GDPR sets out six lawful bases for processing data. For the majority of businesses running Direct Mail campaigns there are two bases that are the most common means for including a specific individual in your campaign.


'Consent' – The Information Commissioners Office (ICO) defines consent as “any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”

For example, this might mean the person has signed up on your website to receive offers or marketing or asked for further information about the topic of your campaign mailing. It could also mean they have contacted you or purchased in response to a previous direct mail campaign (clear affirmative action).


'Legitimate Interest' – “the processing is necessary for your legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual's personal data which overrides those legitimate interests.”

In terms of Direct Mail, Recital 47 of the GDPR says “…The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.” The ICO states that “as long as the marketing is carried out in compliance with e-privacy laws and other legal and industry standards, in most cases it is likely that direct marketing is a legitimate interest.”

It's important to note that this doesn't mean legitimate interest automatically applies to all marketing; you need to ensure you have identified a legitimate interest, that processing the data is necessary to achieve it. You also need to balance your interests against the individual's and record your process and results.

(There is a link to ICO guidance at the end of this article if you would like more information on Legitimate Interest).

The ICO website also says, “you can rely on legitimate interests for marketing activities if you can show how you use people's data is proportionate, has a minimal privacy impact, and people would not be surprised or likely to object.” For example, a customer has purchased something from your website. They've actively engaged with your product and are unlikely to be surprised to receive mailings from you; you have a legitimate interest in contacting them with further information, offers, brochure etc.

A third base, 'Contract', might also apply if for example if you are sending letters to customers regarding the status of their ongoing contract with your organisation.

Comparing Communication Channels

Post is subject to fewer regulations than electronic communications, for example Direct Mail is not part of the scope of Privacy and Electronic Communications Regulation (PECR), which requires consent for calls, texts and emails. You are likely to have some customers that you can only reach by mail.

Many Stannp.com customers are having great success using direct mail campaigns to keep in contact with customers who have opted out of consent for electronic communications, and also as a means to encourage customers to opt-in to other forms of communication.

The Direct Marketing Association (DMA) recommends mail as the channel to use to obtain consent; it is read, trusted and acted on by recipients.

Unlike email addresses, people generally only have one residential postal address, so it's much easier to stay in touch with Direct Mail (especially if they have opted out of email communication).

Best Practice for Direct Mail Under GDPR

Understand and record which lawful base you are acting under; keep a record of your legitimate interests' assessment (LIA) to help you demonstrate compliance if required.

Profile your recipients and Segment your data to enable you to target the right campaign messages and offers to the right group of recipients.

Understand the benefit of Direct Mail to your business, and the potential benefit of your campaign to your selected recipients.

Consider using our Data Health Check service (LINK) to screen your data for recipients that have moved address, been registered as deceased, or registered themselves with the Mail Preference Service.

Make It easy for recipients to opt out of future direct mail campaigns, and always exclude any recipients who have previously opted out of receiving direct mail from you.

Stannp.com are Direct Mail specialists and can help you understand the scope of how GDPR applies to your Direct Mail campaigns; please get in touch with us to find out more or discuss your requirements further with our Customer Service Experts.