One of the biggest news stories to hit the headlines recently is GDPR. Everyone seems to be talking about it and with penalties of up to 4% of worldwide revenue for failing to comply, it’s clear that businesses in the UK will be substantially affected. What the issue is at the moment, is that guides and resources on the matter seem to be creating more questions than answers.
What is GDPR?
GDPR stands for General Data Protection Regulations and when it comes into play on the 25th May 2018, the changes to the governance of data will have substantial consequences on all businesses. Fundamentally, GDPR will determine how businesses do business, and change how data is managed, protected and administered.
Although May 2018 seems a long way off, it has been recommended that businesses use this time wisely and start preparing themselves.
What are the stats about GDPR saying?
DMA conducted a survey and found that only 1 in 20 businesses aren’t aware of GDPR. More surprisingly, 71% of those surveyed said they were either somewhat or extremely prepared for the changes. This is up an impressive 49% increase when the identical survey was conducted back in June 2016.
It seems that businesses are getting to grips with GDPR, however, there are still a fair number of grey areas. Marketing being a big one. There is a lot of confusion around how certain marketing channels will be affected. For example, 81% of those asked thought direct mail will be affected by GDPR and as a result intend to avoid using this tactic, which is far from being true.
Keep calm and send emails anyway?
The simple answer to this is yes. GDPR is challenging how data is collected and used with the core principle being that consumers now have the right to control their own personal data.
When sending out direct mail campaigns, it is outlined in law, that a piece of mail (whatever this may be) has to be in the ‘legitimate interest’ of the company and customer. Meaning it is perfectly okay to carry on sending direct mail.
Don’t you have to get permission?
No, under the new GDPR rules it is not a requirement to get people’s permission, unless, (and this is important) they have been asked to be removed from marketing communications.
Do bear in mind that you do still have to make it easy for customers to opt out and be completely honest and transparent in how you intend to use their data, not just for the fulfilment of the mail but to be seen as complying with the spirit of GDPR.
The 8 golden rules
Below are the 8 golden rules that businesses should bear in mind when sending direct mail:
- Be crystal clear of the benefit for customers
- Demonstrate the potential benefit to the end customer
- Ensure no harm or distress is caused to the end customer
- Identify the most responsive audience through segmentation
- Analyse the success and engagement rate of previous direct mails
- Consider screening customer bases against the Mailing Preference Service (MPS)
- Make it as easy for customers to opt out as it is to opt in
- Ensure those who have requested to opt out are not included in future campaigns
To find out more about the rules of GDPR, we would recommend having a read of Paragon’s blog, GDPR – Legitimate Interest and Direct Mail. Once you have finished our article of course!
Definition of personal data
With GDPR, the term personal data seems to crop up a lot. Personal data is basically any information that can relate to someone who can be identified both directly and indirectly by:
- Name
- ID number
- Location data
- Online identifier.
At the beginning it was thought that legislation would deem all online identifiers (such as cookies) as personal data. This would have made online behavioural tracking almost impossible for marketing. What was agreed instead is only cookies placed by an internet provider which can be linked back to an email address would be deemed as personal data. Cookies placed which cannot be linked back to anything to identify the individual are very unlikely to be treated as personal data.
We hope this article has helped to answer some of your unanswered questions on the minefield that is GDPR. Yes, complying with GDPR regulations may seem daunting, however don’t be afraid of sending out direct mail campaigns. Just be more wary of what you are doing.
One of the key things to take away from GDPR is that individuals have the right to object at any time to their personal information being processed without having to pay a fee. Once they object, you can no longer use their information for marketing activities.
‘Legitimate interest’, gives you the green light for processing data, however the option to opt out must be more obviously brought to the attention of the individual. We would recommend including it in the very first communication.
GDPR is all about giving control back to the consumer. Here at Birch, we are seeing GDPR in a positive light. We believe that this is a real opportunity to cleanse the data you have and for businesses to analyse the way in which they are communicating with potential and current customers.
Remember that GDPR is very new, so please note that this blog is our considered opinion (based on our own research) and we would always recommend doing further reading and research for yourself!
Back to case studies