What is GDPR?
GDPR stands for General Data Protection Regulations and will come into force on 25 May 2018. It isn’t a brand new regulation, but an evolution of the existing Data Protection Act. It is intended to both update the current law and to extend additional protection for individuals and their data. Its aim is to provide greater transparency and control over how personal data is managed, protected and administered.
Definition of Personal Data
According to the Information Commisioner’s Office personal data means any information relating to a person who can be identified directly or indirectly by name, ID number, location data or online identifier.
Bases on which Personal Data can be processed
The ICO has offered clear guidance that, in order to be GDPR compliant, organisations must identify which of the following six legal bases they will rely on for processing personal data:
1. Consent of the data subject
2. Processing is necessary for the performance of a contract with the data subject, or to take steps to enter into a contract
3. Processing is necessary for compliance with a legal obligation
4. Processing is necessary to protect the vital interests of a data subject or another person
5. Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
6. Processing is necessary for the purpose of legitimate interest pursued by the controller or a third party.
For further information on each of these lawful bases we would recommend visiting the ICO website where full details can be found.
GDPR and Direct Mail Marketing
Knowing how GDPR works is important as it may influence your current marketing strategies. What is important is the information posted on the FAQ section of the ICO which states:
In other words it confirms that when contacting someone by post, consent from the person is not required and legitimate interest can be used so long as your marketing is minimally intrusive and relevant to the recipient. You won’t need to obtain their permission (unless an individual has specifically asked to be removed from marketing communications). You will still need to offer customers the opportunity to opt out of marketing mail and will need to be transparent in how you intend to use their information, but the key thing to realise is that you can continue, or begin, talking to customers using mail without any problem.
As guidance when sending direct mail we would recommend bearing the following few points in mind:
1. Be clear of the benefit to the end customer and be able to demonstrate this potential benefit
2. Ensure no harm or distress is caused to the customer
3. Identify the most responsive audience and conduct regular audits of personal data to ensure it remains up to date
4. Make it easy for customers to opt out of marketing campaigns and ensure that those who have requested to opt out are not included in future campaigns
5. In order to ensure the integrity, confidentiality and security of personal data sent to us for processing, we strongly recommend taking practical steps such as adding passwords to data files and deleting data once it is no longer required.
The GDPR opportunity
It is currently estimated that just 15% of people believe that they are in control of their personal information. The purpose of GDPR is to allay this distrust and consequently it presents an opportunity for all businesses to build better relationships with existing (and new) customers by positively embracing the new powers that the law gives consumers.
Here at CMS we have always believed that being open, honest and transparent about how you handle personal data is vital for creating loyal, sustainable and trust based relationships.
In addition, we are optimistic that the enhanced data laws can have a positive impact on marketers. We believe that GDPR provides an opportunity for companies to take stock of their current marketing processes and put best quality practices at the heart of what they do.
How can CMS help?
With many marketers questioning what they can do under GDPR, one thing that is certain is that direct mail will continue to play a hugely important role in driving business success in a post-GDPR world. With over 30 years experience in the direct mail industry CMS are well versed in the intricacies of data protection and we recognised the need to implement a robust Data Protection Policy many years ago. We have now enhanced and updated our existing Policy to incorporate the new regulations in full.
Safe in this knowledge you can rest assured that CMS has the experience and dedication required to offer the very highest level of service for all of your direct mail and marketing needs. We have always prided ourselves on building good relationships and in a post-GDPR business world this looks likely to be of even greater importance. We look forward to working alongside you to help strengthen relationships with your customers and to grow your business to its fullest potential going forward.