01892 240356


See our latest news articles


What you need to know about direct marketing under the GDPR

If you use direct marketing for your business, you might be panicking about how the General Data Protection Regulation (GDPR) is going to affect your campaigns. The good news is that the impact is less drastic than on digital marketing, however there are some changes you need to make to be compliant.

Legitimate interest backed by consent 

GDPR offers six lawful bases for processing information.  ‘Legitimate interest’ is the basis most likely to be applicable for direct marketing.  The advice from the Information Commissioner’s Office is:

“You can rely on legitimate interests for marketing activities if you can show that how you use people’s data is proportionate, has a minimal privacy impact, and people would not be surprised or likely to object – and if you don’t need consent under PECR.” 

So, on the surface, you’re covered by legitimate interest, as long as you follow these guidelines.  However, it’s all a bit more complicated than that. 

The PECR mentioned by the ICO is the Privacy and Electronic Communications Regulations, which sit alongside the current Data Protection Act and which will continue to operate alongside the GDPR.  Although the PECR primarily applies to marketing calls, texts, emails and faxes, they also include guidance on direct marketing.  

The checklist provided by the ICO under its PECR guidance includes the following list for marketing by mail:  

  • We have screened the names and addresses against the Mail Preference Service
  • The individuals on the list have at least given a general statement that they are happy to receive  marketing from us
  • Where the individuals haven’t given specific consent, marketing is consistent with context in which the information was provided and concerns a similar product, service or ideal 

So, although you can use legitimate interest as a lawful basis for direct marketing under GDPR, other elements of the law require you to have consents from the people to whom you are sending your campaign. 

Third-party lists 

The need for consent is just as valid if you buy a list from another provider, such as Yellow Pages.  The PECR states that:

  • You can only use [bought-in lists] if all the people on the list specifically consented to receive that type of message from you. Generic consent covering any third party is unlikely to be enough.
  • You must make checks to satisfy yourself that any list is accurate and the details were collected fairly, and that the consent is specific and recent enough to cover your marketing.

Again, this applies primarily to emails, text and marketing calls, but best practise indicates that this should be interpreted to apply to marketing by mail as well.  

Take the junk out of your campaigns 

It can be called “junk mail” with good reason: very often, campaigns are sent indiscriminately to everyone within a postal address.  Many of the recipients will have no interest whatsoever in the products or services being advertised; for example, if it’s a young household, they are unlikely to need hearing aids. 

The requirement that ‘people would not be surprised or likely to object’ under the legitimate interest basis for processing data places an onus on businesses to spend time sub defining their lists to make campaigns as targeted as possible.  Sometimes you won’t have the information required to subdivide your list – how can you tell if a household is young unless you hold data about age or date of birth? – but where you can, you should. 

Ticking the right boxes 

In order to make everyone at the ICO happy and dodge their mighty hammer of fines, you need to follow this list: 

  1. Be clear on the benefit of direct mail to your business
  2. Demonstrate the potential benefit to the end customer
  3. Contact the people on your data base and confirm they are happy to receive marketing mail OR make sure that the consents secured by a third-party are sufficient to cover your marketing activities.
  4. Make sure you’ve done enough targeting, profiling and segmentation to identify the most responsive audience and clear out anyone who might see your marketing as spam
  5. Make opting out of direct marketing as easy as possible
  6. NEVER include those who have opted out in future campaigns – unless of course you like paying massive fines. 

Some of those might seem like a no brainer, but unfortunately poor practise by some firms have made it inevitable that this is an area that was likely to be tightened under GDPR. 

The benefits 

Yes, the new rules mean you need to give greater thought to your campaigns – in particular who is receiving them – but that should deliver benefits for you.  You may be sending your campaigns to fewer people, but they should be the right people!  A more focused, targeted campaign should generate better enquiry and conversion rates.  

For the average citizen, these new rules are probably a blessing to both their morning routine and their recycling bins. But if you’re in the process of setting up a campaign for after the May deadline, you’ll want to get cracking on with how you’re going to comply with the GDPR.

Read our previous blogs on the GDPR in relation to marketing:

What you need to know about the General Data Protection Regulation

GDPR – making your current database compliant

GDPR – the costs of getting it wrong

GDPR - what you need to record

To find out more about how Sharp Minds Communications can help with your marketing, email communications@sharpminds.agency

Back to SharpTips

Want to drive your business forward?

Contact us

  • 15/05/2019

    How to deal with bad online reviews

    Read more

  • 08/05/2019

    How to measure the success of customer experience marketing

    Read more

  • 01/05/2019

    How affiliate marketing can grow your business

    Read more

See all #SharpTips