By Jon Cano-Lopez, CEO at REaD Group
We are now only days away from the big day – the General Data Protection Regulation – widely considered to be the most drastic change to the data landscape of recent decades.
GDPR is, in many people’s opinion, long overdue. The previous legislation surrounding data protection, the Data Protection Act, was implemented in 1998, before many of today’s digital marketing channels existed – the marketing practices of today are almost unrecognisable to those of 20 years ago.
Like it or not, GDPR will force marketers to alter their practices (very much for the better) and will impact businesses in numerous ways – across every bit of personal data processing. One of the central reasons for its implementation is to give consumers back control of their data and promote transparency and honesty between marketers and their customers.
The data value exchange
Unquestionably, gaining permissioned data will become more challenging and this will directly impact on marketing communications. The real test for brands will be to convince consumers of the value exchange in providing their data. Consumers and brands have been benefiting from data sharing for years, to the point where people often take many of the benefits for granted, such as loyalty schemes and tailored offers.
By providing relevant and tailored communications, brands can demonstrate the value of data sharing and ensure that their customers are likely to welcome correspondence from them.
While many marketers, and indeed much of the media, have been concentrating on the issues around obtaining consent, it is important not to forget that Article 5 of the GDPR requires that data be kept up-to-date and accurate. Using first class data cleaning products, such as Data-as-a-Service (DaaS) solutions which can clean data in real time, will ensure that companies are complying with this aspect of the regulation (and take a significant amount of hassle out of the task).
Data is becoming an increasingly valuable asset, and this value should not be underappreciated. It costs five times as much to attract a new customer as it does to keep an existing one. Keeping data up-to-date in order to communicate better with your existing customers should therefore be a no-brainer.
Despite a desperate scramble by many companies to re-consent customers via email, it is important to remember that consent is NOT the only legal basis for processing data. There are six in total and they are all created equal. Marketers received some good news from the ICO earlier this year when it was announced that if you are using direct mail to market to consumers you can rely on ‘’legitimate interest’’:
“you won’t need consent for postal marketing… you can rely on legitimate interests for marketing activities if you can show how you use people’s data is proportionate, has a minimal privacy impact and an individual is unlikely to be surprised or object.’
However, an LIA (legitimate interest assessment, also known as a balancing test) should be conducted to determine whether ‘legitimate interests’ can be used as a form of lawful basis for the data you are contacting.
In light of this announcement, brands should explore the opportunities presented by direct mail and think about how to utilise the channel to secure maximum impact. Public perceptions around direct mail have changed over recent years after many experienced an endless deluge of largely irrelevant and unwanted email. A return to a golden age of DM should be welcome news to consumers and companies alike. Mail as a medium has been found to be far less intrusive, more tangible and trustworthy, as well as providing a greater scope for companies to be creative and encourage engagement.
The months ahead
The 25th May should not be thought of as a finish line, but the beginning of a journey. Achieving compliance is only the start – maintaining best practice and incorporating it into company culture will be the real test for companies. However, it is important to remember that the legislation will ultimately benefit both consumers and brands. There is no need to panic over the prospect of fewer names on the marketing database, as those who have chosen to share their data will be more receptive and open to communications; essentially more valuable to business. Forging these long-term and mutually beneficial relationships with customers who want to be contacted will pave the way for a successful future.
Another important difference between the Data Protection Act and the GDPR is that two existing Privacy concepts will be entrenched in law in Article 25, namely ‘Privacy by Design’ and ‘Privacy by Default’.
These concepts are not new but will have enhanced prominence and importance with the enforcement of the GDPR, under Article 25.
Privacy by Design means businesses need to consider privacy at the initial design stages and throughout the development process of any new products, processes or services that involve processing personal data.
Privacy by Default means that when a system or service includes choices for the individual on how much personal data he/she shares with others, the default settings should be the most privacy friendly ones.
Sounds simple, right? Well, maybe not…. It is far more than a tick-box compliance exercise that can be buried within audits and contracts…it requires full commitment to build data protection into company culture and all aspects of its operations. Essentially, these Principles encapsulate an ethos that should permeate every organisation that controls or processes personal data.
So here are a few tips for applying these key principles (and soon to be legal obligations):
Educate all staff so they understand the principles – and that the Privacy obligations and accountability sit with ALL staff not just IT or compliance teams
Conduct a Privacy Impact Assessment – or PIA. A PIA is an analysis of how personally identifiable information (PII) is collected, used, shared, and maintained within the organisation
Best practice is to create a PIA template which can then be filled in for each new system or product/service. The ICO have provided a PIA template https://ico.org.uk/media/about-the-ico/consultations/2258461/dpia-template-v04-post-comms-review-20180308.pdf
Implement appropriate technical and organisational measures to ensure that only personal data necessary for each specific purpose are processed. This applies to the amount of personal data collected, the extent of processing, period of storage and accessibility
Data collection techniques – including cookies – should also be reviewed and revised to avoid excessive data collection. Ensure that automated deletion processes are in place to remove personal data after an appropriate (and set) period of time
Remember this is a legal obligation – no longer a ‘good idea’ or a ‘nice to have’
One big benefit of applying Privacy by Design and Default, is that it will also make it easier to be transparent, which is absolutely key when it comes to earning the trust to collect the data in the first place – and also a fundamental principle of the GDPR.
So, time to embrace Privacy!
Read about how REaD Group have embraced information security and implemented Privacy by Default [https://gdpr.report/news/2017/10/23/breach-level-index-findings-must-businesses-better-protect/]
By Mark Roy, Founder and Chairman of REaD Group
The current chaos that seems to have overtaken the social media world these days is going to have far reaching consequences, not just social media but across the entire digital spectrum.
We have all been inundated with warnings about the imminent arrival of GDPR and many of us have spent much of the past few years preparing for that change. But it is the Electronic Privacy Review (E-PR) that will have a devastating effect on businesses engaged in digital communications as the current social media furore has altered the focus of E-PR from PECR re-write to complete reinvention of digital communications regulations.
The back story to GDPR is that the European Union was extremely unhappy in the early teenies about American digital behemoths – the likes of Facebook, Microsoft, Google, and Apple wantonly using European citizen data for their own gain. They believed (rightly in my view) that European citizens should be able to exploit these services whilst having confidence that data would not end up disappearing to God knows where and used for God knows what!
To make matters worse for the Americans, in the time it has taken to get GDPR ratified in Europe both Safe Harbours and Privacy shield have been binned, although an allegedly ‘beefed-up’ version of Privacy Shield is now in play. Somewhat unhelpfully, in a deeply Churchillian two fingered way, Mr Trump has also managed to abolish the Obama Privacy bill which apparently did not put ‘America First’!
However, the wider story is not about the new controls and transparency that GDPR will provide for European citizens, it isn’t even about the fines that will be issued if companies fail to adhere to this new higher standard, the real story is about what is going to happen next year when the E-Privacy review (E-PR) is published.
The digital marketing arena is currently governed by the Privacy and Electronic Communications regulations (PECR). Written in 2003 it has been subject to comparatively little reform over the last 15 years, amazing considering all that has changed in that time. The E-PR is fast approaching its closing stages and aims to resolve the significant legislative gap between the digital arena of 2003 and today’s much changed industry, as well as creating important synergies between E-PR and GDPR.
At its heart (surprise surprise!) a pretty draconian view of how commercial organisations are able (or unable) to exploit European citizen data. One other key thing to mention is that currently, sitting within the text, it states that all digital communications should be based on consent in line with GDPR, in other words open, transparent and unambiguous and requiring affirmative action.
So, it will not surprise you in the least when you hear that MEP’s, Euro legislators, rapporteur’s, ministers et al have spent the last few months being savagely lobbied by who? You guessed it, the US behemoths who stand to lose billions as a result of these changes, yes – those same behemoths that sat firmly in the cross-hairs of the Euro legislature back in the early teenies!
So when a story erupts about an analytical business using “surreptitiously” acquired data to try and influence the outcome of an election you won’t need a degree in quantum physics to understand that any party involved in the creation of the E-PR will now be doing everything within their power to ensure that European citizen data is protected at all costs.
Whilst I have long said the GDPR right to erasure articles would signal an end to the wanton use of citizen data in the programmatic industry, it now seems that a relatively small analytical business abusing the trust of Facebook users (aided by a long-held commercially convenient laissez faire attitude from Facebook) has pretty much ensured that the E-PR will move to an opt-in model and that European digital marketing companies will have to find a new and more transparent way of acquiring customers.
REaD Group have always considered the implementation of GDPR to be an inherently positive prospect for both consumer and company alike – very much an opportunity and not something to be feared.
As we enter the final 25 days before GDPR becomes enforceable, join us in the countdown with REaD Group’s GDPR Advent calendar. Each door will herald a new GDPR goody in the form of practical advice, nuggets of wisdom and much more – so get opening those doors!
Take a room full of switched-on marketers, data practitioners and legal and compliance professionals from brands and agencies keen to learn about how to thrive in a post GDPR data driven world.
Add in a group of informed and forthright speakers and panellists. Provide a holistic view of the new data world order post-GDPR – covering qualitative research, legal stance, channel view, a GDPR journey and industry view…..And bingo!
So what did we learn?
Ultimately the research presented by David Reed, DataIQ confirms what we already know (or certainly should do!) – that to build and retain trust you must tell people what you are going to do. And do that (and only that!).
The responses outlined also reinforce the importance and relevance of the core principles of GDPR: accountability and transparency. The full research is published and available to download here
For an event focussed on GDPR there was a refreshing consensus from speakers and panellists on the contentious topics of consent and legitimate interests.
Complete the balancing tests correctly and honestly and you can use Legitimate Interests as the basis for direct marketing to your customers and also for third party data.
Mark Watts, Partner at law firm Bristows LLP summed it up nicely, stating “consent is not the only game in town” and reiterating what the ICO have been saying for months that all the legal bases for data processing under GDPR are created equal!
Refreshingly candid, he referenced GDPR Article 47 which explicitly mentions that Legitimate Interests may be used as the basis for Direct Marketing. Legitimate Interests are also very broad and include commercial interests of an organisation – as confirmed in the latest guidance from the ICO.
ICO: “The legitimate interests can be your own interests or the interests of third parties. They can include commercial interests, individual interests or broader societal benefits”
The rights of individuals are also broad and this is at the heart of the balancing tests required for applying Legitimate Interests as a legal basis for processing data.
Direct marketing and GDPR
Royal Mail MD, Jonathan Harman, gave us 12 reasons mail can help your brand to thrive in a GDPR world, including:
- You don’t need consent for postal marketing
- Mail offers higher response rates than email
- No fines as yet for using mail for marketing
- Mail primes other media
He also cited some compelling stats that confirm that consumers like and trust communication using this channel:
Respondents to MarketReach research confirmed that mail is more believable (87%), makes them feel more valued (70%) and creates a better impression of a company (70%).
The key take-away – direct marketing has a key role to play in the post-GDPR world!
GDPR is a journey not a destination
The engaging and charismatic Michelle de Souza, CDO at Age UK, gave us an honest account of their GDPR journey via a pre-recorded interview with REaD Group’s Scott Logie.
Her advice? Be pragmatic, be optimistic, be responsible marketers and remember that GDPR is a journey not a destination. Leaving us with the positive view that organisations should have the confidence to keep going.
Get it right and the future IS bright!
REaD Group Chairman and Founder, Mark Roy, put together a strong case to dispel the negativity around GDPR, reiterating REaD Group’s stance that GDPR is a much needed force for good.
Referencing the recent controversy involving Facebook and data sharing as a compelling example of why the accountability and transparency obligations at the heart of GDPR – essentially doing the right thing by consumers – are very much needed and should be welcomed.
Picking up on Mark Watts points, he was also very clear that legitimate interest isn’t just for customers – that it allows contact with everyone providing it meets the balancing test requirements.
All in all, a great event with some very tasty take-aways!
By Scott Logie, MD, Insight at REaD Group
Many have likened the impending GDPR to a data apocalypse and the end of marketing as we know it. Certainly, if you have been brazen enough to ignore the new regulation altogether and failed to prepare then it is most likely a ‘data hell’ that beckons. However, your actions in the final days before the changing of the guard from DPA to GDPR (and beyond for that matter) will determine whether it’s an apocalypse that awaits, or a nirvana.
There have been countless examples over the years of companies committing data blunders and ‘bad data’ seriously affecting consumer’s perception of a brand’s image. Indeed, research carried out in 2016 found that two thirds (66%) of consumers said that they would boycott organisations that continued to send mailings to a loved one that was deceased .
Given recent events surrounding misuse of data and growing unease and distrust from consumers around how their data is used, it seems likely that this figure will only have grown.
In 2014 a woman in California received a credit card offer from Bank of America addressed to ‘Lisa is a…(well, let’s just say a rather offensive word that rhymes with mutt…) McIntyre ‘. A photograph of the offending letter was shared on Twitter and subsequently went viral. While this is perhaps a fairly amusing example of inaccurate data backfiring – and luckily for the bank in this case Lisa saw the funny side – it certainly highlights the importance of ensuring that your database is clean before running a campaign.
Similarly, there is the infamous ‘Dear Rich b**tard’ incident, which has now passed into marketing urban legend. After doing my own research into the origins and validity of this story I discovered that this particular gem of a blunder was carried out by a small UK based company in the early 1990s. After a programmer classed poorly formatted data under the placeholder phrase ‘Rich B**tard’ this was never updated, resulting in mailings being sent out addressed ‘Dear Rich B**tard’. A small mistake to make, but one that could have been far more serious, and costly. Interestingly the company was later contacted by a prospective customer who was indignant that he had not been contacted in this manner as he felt that he qualified for such a title!
I remember a bank a few years ago who mistakenly mailed all of their suppressed records (including deceased and goneaway contacts) instead of suppressing them. As you can imagine they were inundated with complaints from angry consumers…but at the same time received an amazing response rate!? Rather than advocating this mistake, this merely promotes the argument for keeping track of relocated consumers and looking at new occupiers.
Perhaps one of the most distressing and horrific mistakes related to inaccurate data happened in 2014 to a recently widowed woman from Cardiff. After her husband passed away she was bombarded with mailings from her husband’s mobile provider demanding overdue payments and offering new tariffs and deals. Despite attempts to inform the company that her husband had passed away, the mailings continued and became less friendly in tone. Following three visits to a branch, on one occasion bringing her husband’s ashes and death certificate with her, the matter was finally resolved after a huge amount of unnecessary distress and anguish to her and her family had been caused.
This is an extreme example, but the brand damage and bad publicity such an error could cause is enormous – the coverage of the story was incredibly widespread at the time. But it could all have been so easily avoided.
With data cleaning solutions readily available, and with the advent of DaaS (Data as a Service) allowing data to be cleaned in real time, there really is no excuse for having data that is not accurate and up to date.
Article 5 (d) of the new Regulation states that data must be kept accurate and up to date or deleted. This is not something that is up for debate or a nice-to-have, but something that will be enforced in law. Failure to comply with this aspect of GDPR will result in potentially hefty fines from the ICO.
 Wilmington Millennium, The True Cost of Mailing the Dead: Brand Damage, 2016
We are now less than two months away from the day that has been striking fear into businesses across Europe (and beyond) for the best part of a year – 25th May 2018. However, there is a particular aspect of the new regulation that many have overlooked, assigned a low priority to or simply ignored. The regulation is a comprehensive document containing 99 articles in total, but Article 5 (Principles relating to processing of personal data) appears to have slipped under the radars of many.
GDPR Article 5 (1) (d) requires that data be accurate and kept up to date or DELETED. Once the implementation phase of GDPR ends on May 25th and the regulation is enforceable, this will be law – no ifs, ands or buts.
‘‘(…) personal data shall be:
d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;’’
There is no doubt that data has become an integral part of how many businesses function today, but it is crucial to ensure that this data is the RIGHT data.
Why lose customers and prospects altogether or cause your brand reputational damage by failing to comply with Article 5 when there is a simple solution? The truth is that data accuracy is no longer a nice-to-have but a necessity – it is something you MUST do.
The law is changing and GDPR takes a far stricter stance on data accuracy than its predecessor, the Data Protection Act; in addition to potentially incurring the wrath of consumers, failure to comply could result in a substantial fine from the ICO.
In the last 12 months the majority of businesses, and the media, have continued to panic and focus their attention on the consent aspect of GDPR, but the ICO is very clear that all clauses carry the same importance and weight. Hoping for the best and assuming that the term ‘reasonable steps’ justifies taking no action is naïve at best and arrogance at worst. Investing in a solution that ensures that data is kept clean and up to date on a regular basis, or even in real-time with Data as a Service products, is most certainly a reasonable step.
Recent ICO guidance confirms that postal marketing can be conducted using the basis of Legitimate Interest (LI) under GDPR. This will undoubtedly result in many more brands incorporating direct mail into their marketing mix over the coming year. It has therefore never been more important to ensure that postal data is accurate and up to date.
By continuing to market to the previous address of individuals who have relocated, you are not only wasting marketing budget that could be better spent elsewhere, but also losing contact with a customer that may subsequently become lapsed. Furthermore, the current occupants of that property will be far less likely to engage with a brand that is inundating them with a previous-tenant’s post.
In a similar respect, failing to screen for deceased contacts in your database is a similar waste of marketing spend, but more importantly one that has the potential to cause undue distress to the families of those still being contacted. Why risk tarnishing your brand’s reputation? Equally, why risk incurring penalties from the ICO for non-compliance?
It is not too late to take the necessary steps to ensure you are GDPR ready in relation to Article 5. Keeping data accurate by removing and keeping track of gone aways and screening for deceased individuals will not only be complying with GDPR, but also boost the performance of marketing campaigns and save time, money and resources by not marketing to people who will not receive the communication. Where GDPR is concerned, the message is clear – CLEAN it or LOSE it.
By Scott Logie, MD, Insight at REaD Group
At the recent Data IQ event I jointly chaired a table discussion on the GDPR ready Single Customer View (SCV). This turned out to be a very interesting experience. First of all, there was a huge range of requirements, from B2B SCV development to “How do I get started”, “How do I get funding for an SCV” through to “How do I make my SCV real-time” and “How do I connect Google Analytics data into my SCV”.
This obviously created a lot of discussion with different brands, at different levels of development, able to share their experience with those who are just getting started. Hopefully everybody enjoyed the discussion and got a lot out of it.
From a GDPR point of view, there were three main areas of interest that came out:
- How do I keep the data in my SCV current and up to date?
- How do I structure the SCV so that I can hold permissions and consent correctly?
- What do I need to do to ensure that I share the correct information with my customers, as and when this is required?
So, taking each of these in turn:
Keeping the data up to date
What became apparent during the conversations was that there are different levels of understanding of what is required under GDPR in terms of keeping data up to date. This isn’t that surprising as most of the concentration to date has been on consent and ensuring that we have permission to contact the consumers we want to engage with.
However, we have an obligation as well to keep the data we hold current and clean. And to archive or delete what is no longer needed. In some cases this has not been considered, in others it was seen as a lower priority.
From a REaD Group point of view, our advice is very clear; with the GDPR Article 5 requiring that personal data be kept clean and accurate (or be deleted!) choosing a trusted solution to optimise the quality of your data and maximise compliance is now business critical. Whether this is ad hoc but planned updates, real-time access via APIs or licencing of the different industry suppression products there is no choice but to make sure there is a solution that works for your business in place.
Structuring the SCV for holding consent
To be honest, there is no easy way to answer this. We have tackled it by building a consent table that holds each of the key pieces of information – which allows us to manage change over time – that is then referenced on each customer record. This allows us to ensure we keep the most recent permission against a record, by channel, but also enables us to track changes over time. This does result in a very large lookup table but better that than extending customer records.
The other thing to bear in mind is to hold both what consent was gained, where and when but also what the usage you have agreed for that customer record by channel. For example, you may have gathered consent to contact by Direct Mail but have chosen Legal as the reason for contact and this needs to be held. In addition, note that this needs to be managed by customer, by product, by channel so can become cumbersome if not managed correctly.
Giving consumers access
Finally, from a consumer access point of view, I think there are two key things to consider in terms of contact: managing subject access requests (SARs) and also allowing consumers to see what information is held on them for permission management.
From a SAR point of view, there were two clear messages:
- Be very clear what is going to be shared as part of a SAR. It’s not my place to advise what the content should be but what was interesting was how varied and differently detailed each SAR response format was going to be. I think this is something to be tackled early, agreed with your legal teams and shared as appropriate.
- Having an SCV doesn’t sort out SAR responses but it helps a lot! Having as much data held in one place as is possible makes the tracking of information needed for a SAR substantially easier.
From a permission management point of view, again there were a lot of different views and positions. Some organisations, the more digital email only brands in particular, seem to be using their ESP to manage and share permissions with customers. For others there was a work stream to agree what was to be shared and how. Interestingly, no-one stated that they were fully on top of this.
There are many approaches to be taken here. At REaD Group we have partnered with a business, My Life Digital, who provide a Permission Management solution. We are implementing this for our own use and also recommend it for our clients. Other solutions are available!
Overall, tackling GDPR compliance from an SCV point of view isn’t a luxury but a necessity. Keeping the data current, tracking permissions and consent and ensuring that SARs can be responded to quickly and accurately are all part of the new world of data management. It was very clear that there is a lot of work to be done, by big brands and smaller businesses, to meet the basics never mind the nice to haves. It’s going to be a fun year!
The lack of clarity in the run up to GDPR has been shocking. This statement provides much needed clarity on how to remain on the right side of the legal minefield and make the most of the opportunity that GDPR really presents.
REaD Group have been involved from the very earliest stages of GDPR. We have been at the forefront of negotiation, lobbying and discussion for the last six years. Consequently, our knowledge of the regulation itself, the intended meaning and what it means for the Direct Marketing industry is unrivalled.
REaD Group is unequivocally supportive of the GDPR. All the decisions we have made surrounding the permissions required to use third party data for direct marketing activity under GDPR have been externally validated by Bristows LLP, widely regarded as this country’s leading data protection lawyers.
REaD Group have been working towards becoming a GDPR ready business for the last three years. We have made significant changes to our own data collection methods and how we obtain, retain and maintain our data and data solutions. Our contributor due diligence processes we believe are unparalleled and unique in the scrutiny of GDPR requirements and we have enhanced our internal IT solutions.
It is important to remember the purpose of GDPR is simple; to give consumers greater control and transparency over the use of their data. Most importantly, GDPR will change marketing communications for the better – more open, more honest and more transparent and in turn that will deliver a more positively disposed, aware and trusting consumer, which has to be good for us all.
REaD Group has enhanced its safeguarding processes to ensure every piece of personal data made available to you has been collected in a GDPR ready manner. This inevitably means there will be changes to our products as we ensure that all data has been lawfully processed in line with GDPR. No data is accepted into our data estate until our due diligence and auditing processes have been satisfactorily concluded. This includes adherence to a number of significant and mandatory GDPR rules established by our GDPR Steering Group.
In the recent weeks and months there have been conflicting opinions surrounding the level of consent required for data to be available for third party direct marketing post May 2018.
The issue of consent has created an enormous amount of confusion. What is it? How is it obtained? What channels does it apply to? Or indeed, do I need it at all? Consent of course, is only one of six legal grounds to process personal data under GDPR, yet it has occupied a disproportionate amount of the airtime serving only to confuse further.
At REaD we prefer to ask – Do we have permission? In other words, do we have grounds from one of the six processing purposes? In most cases with our data assets permission means the processing of data collected either with consent or as a legitimate interest. Both of these grounds for processing are equally valid and our products will be selectable on either or both.
This means if you are planning a postal marketing campaign, you won’t need consent. You can rely on using legitimate interests, if you can show how your use of the consumer data is proportionate, has a minimal privacy impact and the consumer is unlikely to be surprised or object. To be clear, within GDPR itself, Direct Marketing is specifically singled out as a legitimate purpose.
Being GDPR ready is about balancing risk. When you decide to use REaD Group data, we advise you to conduct the necessary balancing exercise between your interests in direct marketing and the rights of the consumers. REaD Group will have conducted this exercise ourselves under our obligations as data controller. We also advise you to ensure that consumers know exactly how you intend to use their data. Our experience tells us that the more open and honest you are the better it is received by consumers.
Of course, our in-house experts will be more than happy to talk you through this note as well as your specific concerns or campaign ideas. We have done the vast majority of the work for you in building a GDPR ready data asset so we can all market ourselves confidently and securely.
Want to talk GDPR? Contact our team today.
Direct Mail can be used under the basis of Legitimate Interest under GDPR (or put another way, does not require Consent).
Yes you can! We’ve had it from the only authority that counts in the UK – The Information Commissioners Office (ICO) – who recently provided some much needed clarity on the use of Legitimate Interest for marketing, confirming on their website that states “you can rely on legitimate interests for marketing activities if you can show how you use people’s data is proportionate, has a minimal privacy impact, and people would not be surprised or likely to object.” Great to have some clear guidance and a green light for responsible, consumer centric direct mailing.
Using Legitimate Interest in practice requires the application of a good dose of…common sense!
OK so the ICO call it a Legitimate Interest Assessment (LIA) – but essentially what they are looking for is the application of the main principles of the GDPR – openness, honesty and transparency – supported by evidence that you have carefully considered the impact on an individual and made an informed and fair judgement that your interests and the interests of the individual are balanced.
Executed well, Direct mail is proven to be an incredibly effective channel for response rates and engagement.
Put simply – it works! Great Direct Mail will deliver great results. It can grab more attention, engage and help to create closer relationships and generate more responses.
Recent research by Brand Science confirmed “when mail was included in the marketing mix, campaigns had 12% bigger ROI than those without mail.” Impressive!
Anecdotally, one of our clients recently reported a consistently high ROI and an average of 1000+ new customers/month from Direct Mail.
AND consumers like it! And we’ve got some stats to prove it….
Respondents to MarketReach research confirmed that mail is more believable (87%), makes them feel more valued (70%) and creates a better impression of a company (70%).
Choosing the right partner will make all the difference!
Choose a partner you can trust. At REaD Group we have been helping businesses of all shapes and sizes get great results from Direct Mail for more years than we care to remember – and with the advent of GDPR our services have become even more important and relevant to our clients (from optimising data selections and data quality to campaign reporting and analysis). We’re a safe pair of hands.
Sounds good, right? So what to do next?
Contact our knowledgeable and friendly team who can talk you through how we can best support your marketing strategy and help you thrive through GDPR and beyond.