The lack of clarity in the run up to GDPR has been shocking. This statement provides much needed clarity on how to remain on the right side of the legal minefield and make the most of the opportunity that GDPR really presents.

REaD Group have been involved from the very earliest stages of GDPR.  We have been at the forefront of negotiation, lobbying and discussion for the last six years.  Consequently, our knowledge of the regulation itself, the intended meaning and what it means for the Direct Marketing industry is unrivalled.

REaD Group is unequivocally supportive of the GDPR.  All the decisions we have made surrounding the permissions required to use third party data for direct marketing activity under GDPR have been externally validated by Bristows LLP, widely regarded as this country’s leading data protection lawyers.

REaD Group have been working towards becoming a GDPR ready business for the last three years. We have made significant changes to our own data collection methods and how we obtain, retain and maintain our data and data solutions.  Our contributor due diligence processes we believe are unparalleled and unique in the scrutiny of GDPR requirements and we have enhanced our internal IT solutions.

It is important to remember the purpose of GDPR is simple; to give consumers greater control and transparency over the use of their data. Most importantly, GDPR will change marketing communications for the better – more open, more honest and more transparent and in turn that will deliver a more positively disposed, aware and trusting consumer, which has to be good for us all.

Our Stance

REaD Group has enhanced its safeguarding processes to ensure every piece of personal data made available to you has been collected in a GDPR ready manner. This inevitably means there will be changes to our products as we ensure that all data has been lawfully processed in line with GDPR. No data is accepted into our data estate until our due diligence and auditing processes have been satisfactorily concluded. This includes adherence to a number of significant and mandatory GDPR rules established by our GDPR Steering Group.


In the recent weeks and months there have been conflicting opinions surrounding the level of consent required for data to be available for third party direct marketing post May 2018.

The issue of consent has created an enormous amount of confusion.  What is it? How is it obtained? What channels does it apply to?  Or indeed, do I need it at all?  Consent of course, is only one of six legal grounds to process personal data under GDPR, yet it has occupied a disproportionate amount of the airtime serving only to confuse further.

At REaD we prefer to ask – Do we have permission?  In other words, do we have grounds from one of the six processing purposes?  In most cases with our data assets permission means the processing of data collected either with consent or as a legitimate interest. Both of these grounds for processing are equally valid and our products will be selectable on either or both.

This means if you are planning a postal marketing campaign, you won’t need consent. You can rely on using legitimate interests, if you can show how your use of the consumer data is proportionate, has a minimal privacy impact and the consumer is unlikely to be surprised or object.  To be clear, within GDPR itself, Direct Marketing is specifically singled out as a legitimate purpose.

Being GDPR ready is about balancing risk.  When you decide to use REaD Group data, we advise you to conduct the necessary balancing exercise between your interests in direct marketing and the rights of the consumers. REaD Group will have conducted this exercise ourselves under our obligations as data controller.  We also advise you to ensure that consumers know exactly how you intend to use their data.  Our experience tells us that the more open and honest you are the better it is received by consumers.

Of course, our in-house experts will be more than happy to talk you through this note as well as your specific concerns or campaign ideas.  We have done the vast majority of the work for you in building a GDPR ready data asset so we can all market ourselves confidently and securely.

Want to talk GDPR?  Contact our team today.

Direct Mail can be used under the basis of Legitimate Interest under GDPR (or put another way, does not require Consent).

Yes you can! We’ve had it from the only authority that counts in the UK – The Information Commissioner’s Office (ICO) – who recently provided some much needed clarity on the use of Legitimate Interest for marketing, confirming on their website that “you can rely on legitimate interests for marketing activities if you can show how you use people’s data is proportionate, has a minimal privacy impact, and people would not be surprised or likely to object.”  Great to have some clear guidance and a green light for responsible, consumer centric direct mailing.


Using Legitimate Interest in practice requires the application of a good dose of…common sense!

OK so the ICO call it a Legitimate Interest Assessment (LIA) – but essentially what they are looking for is the application of the main principles of the GDPR – openness, honesty and transparency – supported by evidence that you have carefully considered the impact on an individual and made an informed and fair judgement that your interests and the interests of the individual are balanced.


Executed well, Direct mail is proven to be an incredibly effective channel for response rates and engagement.

Put simply – it works!  Great Direct Mail will deliver great results.  It can grab more attention, engage and help to create closer relationships and generate more responses.

Recent research by Brand Science confirmed “when mail was included in the marketing mix, campaigns had 12% bigger ROI than those without mail.” Impressive! 

Anecdotally, one of our clients recently reported a consistently high ROI and an average of 1000+ new customers/month from Direct Mail.


AND consumers like it!  And we’ve got some stats to prove it….

Respondents to MarketReach research confirmed that mail is more believable (87%), makes them feel more valued (70%) and creates a better impression of a company (70%).

Choosing the right partner will make all the difference!

Choose a partner you can trust.  At REaD Group we have been helping businesses of all shapes and sizes get great results from Direct Mail for more years than we care to remember – and with the advent of GDPR our services have become even more important and relevant to our clients (from optimising data selections and data quality to campaign reporting and analysis).  We’re a safe pair of hands.


Sounds good, right? So what to do next?

Contact our knowledgeable and friendly team who can talk you through how we can best support your marketing strategy and help you thrive through GDPR and beyond.


By Dan Fossaceco, Lead Generation Director at REaD Group

As we look back on the developments of 2017, there are some things we expected to happen and some things we didn’t.

We expected there to be a clamour around GDPR and we expected ‘experts’ to come out of the woodwork to tell us everything would be alright…as long as we completely changed everything we knew about the consent, the processing and the holding and management of data.

We didn’t expect there to be a simple solution.

As Captain Kirk once said, ‘Hang on tight and survive. Everybody does.’

But will they?

Change is key, and adapting to change is more important than ever.

There isn’t a simple solution, but taking each part of GDPR individually makes it easier to digest, and what this piece will attempt to go over is the acquisition of new consumers – just how do we ensure that we have consumers to contact in June 2018?

The first thing to discuss is the sales funnel, because we all use it.

‘For every ten people I contact I will make one sale – I need to make 10,000 sales so I need to ‘‘buy’’ 100,000 contacts to make my sales.’

Post GDPR this WILL become more difficult; properly consented data will be harder to get hold of. The hoops that processors and owners of data will have to jump through will increase. That’s not to say it will be impossible, but it will be harder.

So all doom and gloom?


So what exactly are we purchasing?

Let’s break down what we were purchasing – we weren’t purchasing a consent, (albeit a 3rd party consent) – we were purchasing sales, not contacts.

When it comes to having clear and concise consent, there is no doubt that first party is the aspirational standard. There are a variety of means to obtain a first party consent

By obtaining 1st party consents ahead of May, brands will be in the best position to continue to communicate with prospective and existing consumers.

But what about the volumes? Let’s look back at the original statement:

‘What exactly are we purchasing?’

If we are purchasing sales and not contacts then the most important change that needs to take place is conversion.

The best way for consumers to increase their engagement with brands is to actively seek them out for communication; this can happen in two ways. Either via inbound communications through website or aggregator sites, or by gaining the initial interest using third party websites – this gives the comfort of a first party opt in with the added benefit of it being based on performance.

It’s proven that a solid relationship with consumers increases engagement and buying levels, so why not get the consumer to do the initial work for you and ask to be contacted?

Maybe we all need to calm down a bit and understand what makes our businesses tick; it’s customers, and customers who WANT to interact with our brands, are invaluable.

Finally, to finish off with another quote from the Enterprise…albeit tweaked – ‘It’s data, Jim, but not as we know it.’


By Mark Roy, Chairman and Founder of REaD Group

So, at last a bit of welcome news from the ICO.  In black and white in new guidance for the charity sector.  Consent is NOT required if you are using direct mail and relying on Legitimate Interest.  Considering the amount of utter nonsense being spouted by SO many ‘overnight experts’ this is an extraordinarily timely piece of clear-cut advice from the ICO to marketers.

That said, it was rather curiously tucked away in the FAQ’s of the advice specifically designed for the charity sector.  That very same sector that has spent the last 24 months, since the Etherington review, paralysed with fear of potential repercussions of using data incorrectly.  Ironic really, when the mainstay of British fundraising had always been direct mail, that it is now that very same channel that will no doubt bring about the resurgence in charitable marketing.

ICO: You won’t need consent for postal marketing …If you don’t need consent under PECR you can rely on legitimate interests for marketing activities if you can show how you use people’s data is proportionate, has a minimal privacy impact, and people would not be surprised or likely to object.

Of course this doesn’t just apply to charities, it applies to any organisation that has a legitimate interest to process data, no matter what sector.  It is very important to realise that when, late in the day, the EU added those 18 words to clause 47 of GDPR – namely “The processing of personal data for Direct marketing purposes may be regarded as carried out for legitimate purposes” – they meant Direct Mail!

Today, direct mail is regarded very differently from a decade ago.

70% of respondents said that mail makes them feel more valued (up from 57% in 2013).  Source: Royal Mail Market Reach: The Value of mail in uncertain times, August 2017

It turns out that compared to email, SMS or voice calls it is perceptibly a comparative saint. It is remarkably unobtrusive and has the tactility to create real connections with the recipient and relay real brand value.

The ICO should be applauded for this much needed definitive advice, much more of the same is required… please!  Hopefully then, and I suspect only then, will we see an end to the ridiculous scaremongering and be able to get on with running our businesses whilst continuing to protect the consumer interest.

There has never been a better time to plan your next Direct Mail campaign.  We might know a thing or two about that…get in touch to explore the huge opportunity this clarity presents.

By Andy Bridges, Data Quality and Governance Manager at REaD Group

The Gemalto Breach Level Index (BLI) recently published some rather concerning findings – more data records were leaked or stolen in the first half of 2017 than in the whole of 2016. An even greater cause for concern, and perhaps somewhat surprising, the report also revealed that the most common cause for data breaches was accidental loss and data being inadvertently left exposed.

While attacks by cyber criminals make for more compelling reading, more attention needs to be brought to internal threats such as accidental loss and other acts of negligence. If nothing else, the BLI report highlights that UK data security culture is in serious need of an overhaul. So how exactly can businesses better protect themselves?

However much we like to believe that information breaches are largely the result of strategically orchestrated attacks by criminal masterminds, the truth is generally far less dramatic. They are frequently the result of human error, such as misplacing hard drives, bad password management, careless file sharing or lack of vigilance to the increasingly prevalent phishing emails. All can be easily prevented.

More than anything, businesses must incorporate information security into office culture – protecting information is no longer the sole responsibility of IT and compliance departments; data security is a companywide responsibility.

As a first step, staff should be trained on a regular basis to ensure that everyone understands best practice in the workplace. The HR policy should also be altered to reflect the fact that responsibility doesn’t lie solely with IT to instigate better behaviour.

Additionally, employees should be on the lookout for potential threats to information security, such as leaving computer screens unlocked and leaving confidential paperwork unattended, and should be encouraged to self-police. Implementing a clean desk policy is a good first step towards safeguarding confidential information.

In order to better protect an information estate, companies need to understand what information they have. As well as ensuring that data is clean, viable and that all relevant permissions and consent are held for the data, companies must also ensure that the appropriate data protection and information security practices are in place. It states in Recital (100) of the GDPR that:

 ‘In order to enhance transparency and compliance with this Regulation, the establishment of certification mechanisms and data protection seals and marks should be encouraged, allowing data subjects to quickly assess the level of data protection of relevant products and services.’

It is not currently compulsory to report a data breach, but once GDPR comes into force next year, all companies must report a data breach to the Information Commissioner’s Office within 72 hours. In addition to risking a hefty fine, companies will also stand to incur the longer-standing loss to their reputation.

With this in mind, it seems highly probable that we will see an increase in breach reports – most likely not due to an increase in breaches, but because companies will have much more incentive to be transparent and open about such occurrences.

Overall, GDPR presents a great opportunity for UK businesses to step up their data protection strategies and better protect themselves against data breaches. The new regulation stipulates that companies will have to be much more rigorous in their approach to collecting, storing and using customer data – which should correspondingly see a vast reduction in accidental loss. Inevitably, this increased transparency will result in a more trusting and loyal consumer.

It is now less than 6 months until GDPR is introduced, and the more earnest businesses are to prepare and implement the necessary data protection strategies, the sooner we will see a significant reduction in the number of data breaches.


By Scott Logie, MD, Insight at REaD Group

In the ongoing race to maximise compliance and pip GDPR to that ever-encroaching finish line, the whispers and concerns over its implications continue to reach fever-pitch.

Earlier this year, the Information Commissioner’s Office (ICO) made an example of the Exeter-based airline Flybe by enforcing a sizeable £70,000 fine. The airline incurred this by sending millions of marketing emails to customers who did not wish to receive them; the ICO have made it very clear that when it comes to consent infringements – they’re taking no prisoners. ICO head of enforcement, Steve Eckersley stated that Flybe “deliberately contacted people who have already opted out of emails from them” by asking if they wanted to update their preferences, which he stressed is still a form of marketing.

It is therefore hardly surprising that many travel companies have begun to feel apprehensive about their ability to communicate with their customers come the day of GDPR reckoning (May 2018). With fines such as the one sustained by Flybe becoming more prevalent, this only emphasizes the necessity for companies to obtain consent from consumers. Consent essentially entails an individual providing approval for the processing of their personal information. The bottom line is that travel companies, and indeed all businesses alike, will have to be far more transparent if they hope to avoid harsh sanctions from an unforgiving ICO.

Initial guidance provided by the ICO suggests that a pre-ticked opt-in box will no longer constitute legally attaining permission. In lieu of this, unequivocal and unambiguous consent must be attained through active opt-in protocols; the box must be empty to begin with. Moreover, comprehensive details of how this data will be used must be provided. Contrary to the current system, consent requests must under no circumstances be hidden in the Narnia of terms and conditions or be a precondition of subscribing.

Admittedly, marketing strategies may require a bit of adjustment, but in the long run these new regulations should be seen as a positive change for both customers and operators alike.   While it may ultimately result in a shrinkage in the size of marketing databases, the overall quality and saturation of amenable and valued customers within them shall undoubtedly increase. Those who have willingly shared their personal information will prove more beneficial to marketers than those who have been duped into giving permission. Consumers are more than happy to part with their details as long as they perceive that they are receiving a tailored and personal service in exchange. With regard to Travel companies, details on a customer’s budget, lifestyle and favourite destination can be used to provide the kind of customer service that consumers have come to expect.

On the other hand, it seems likely that smaller companies and those that have already fallen under the ICO cosh may struggle somewhat more than household names to convince consumers to part with their personal data. Nonetheless, there are certain measures that all travel operators, irrespective of size or reputation, can implement to limit any negative effects of GDPR.

The most effective course of action might be to devise highly targeted marketing campaigns that demonstrate to consumers the benefit of consenting. Personal offers and relevant streams of contact can be instigated once Travel companies have segmented their customer database into smaller groups based on factors such as interests, favourite destination and budget. How soon should you do this? The sooner the better; GDPR waits for no man.

Once the swirling dust and initial shock of GDPR has settled, companies should find that they are left with a more succinct database consisting of receptive customers. Which, truth be told, is an infinitely better prospect than a larger spread of individuals who weren’t aware that they had consented in the first place. By conducting these highly targeted campaigns, travel operators can seize the opportunity to demonstrate the value exchange in sharing information and strengthen relationships with their existing customers before GDPR’s implementation. This may seem like an extreme alteration in approach, but travel companies should find that if they navigate these uncharted waters effectively – treasures and bounty await.



12th May 2017

By Scott Logie, MD, Insight at REaD Group

That most contentious of acronyms – GDPR – draws ever closer, and as each second ticks by the clamouring voice of the media continues to cause a frenzy around the repercussions of this new regulation for the marketing industry. As the finer details of GDPR’s implementation are not yet fully known it has left a lot of people wondering how it will affect brands’ ability to communicate and ultimately understand their customers.

The crucial aspect that has many marketers running for the hills are the changes being instigated concerning ‘consent’; essentially the permission given by an individual to allow the processing and use of their personal data. For starters, you can kiss goodbye to the pre-ticked box. Instead, businesses will be required to obtain unambiguous consent from consumers with active opt-in protocols, and must bare each tiny detail of how exactly they intend to use said data. Consent requests can no longer be sneakily hidden away in terms and conditions like a needle in a haystack or indeed be a precondition of signing up to a service. Separate consent must be obtained for EACH separate channel through which a brand wishes to communicate, as opposed to having a blanket opt-in.

All things considered, surely putting consumers at the heart of marketing and promoting more transparency and trust in the industry is a good thing? Nevertheless, these new stringent rules could ultimately mean that marketers find it difficult to target new customers and struggle to profile customer data. The key question is: as consumers become more and more sceptical about parting with their personal data, how can marketers win them over and ensure they are maintaining relationships with them once GDPR comes into full force in 2018?

The big, well-trusted brands such as Amazon, John Lewis and Marks and Spencer will be sleeping soundly in their beds in the knowledge that they should continue to have little difficulty with this conundrum. It is the less established, less trusted or less appealing companies that shall be biting furiously at their fingernails.

Companies that offer insurance or utilities will inevitably find themselves at more of an impasse when it comes to securing consent, as consumers perceive these services as a purchase made from necessity and not for enjoyment or pleasure. The reality is that while consumers are happy to provide their personal data to their favourite retailer with the promise of receiving personalised and rewarding customer service, industries such as insurance just don’t provide the same sex appeal.

Fear not! Marketers from all industries and sectors should refrain from DEFCON 1 just yet. Consider this to be a fantastic opportunity to get a head start and organise highly targeted marketing campaigns to source consent from consumers in the run up to GDPR.  In order to achieve this, customer databases would need to be profiled and different consumer segments identified. Each of these target audiences will already have different relationships with your brand, underpinned by their individual lifestyle factors, attitudes, purchasing behaviour and communication preferences. By segmenting audiences and analysing these different relationships, marketers can build a detailed picture of their customers and best understand how to persuade them of the benefits of providing their data in the most relevant fashion.

Truth be told, won’t this ultimately provide brands with a more valuable customer base and allow brands to hone their marketing approach? Evidently, some consumers will still refuse permission to their personal data, but on the bright side those that do would probably be averse to ongoing communications anyway. Why invest in consumers that are not willing to engage with your brand? Time and effort are far better spent on those that have actively requested contact. Furthermore, these consumers will appreciate the open, transparent foundation on which you have initiated this relationship and shall anticipate the same standard in future.

Of course, it goes without saying that it is vital for brands to continue to secure consumer data from May 2018, and undoubtedly (and unavoidably) there will be consumers that choose to opt-out of providing consent. However, this new focus on a transparent approach to data collection will, in due course, result in more reliable customer data and more profitable customer relationships. This new chapter of consumer consent should not be cause for concern; if tackled head on and in an effective manner, the results for marketers could be extremely lucrative and rewarding.

Talk to us today about how to effectively segment your customer data!

Andy Bridges

14th May 2016

1 – Tell us about yourself – what’s the story so far?

I’ve been involved with data for around 20 years, starting at a business publishers in SOHO rising to Data Governance lead at one of the leading loyalty companies in the UK… When I started in data I used floppy disks that had a mass storage of 240mb!! Not sure if the younger generation know what those are….

2 – Tell us about your role at REaD Group – what does compliance really mean?

Compliance to me is making sure the information we collect, manage and distribute is something we can trust and is fully transparent, in turn that gives our clients confidence, I suppose I’m the ‘rules and regulation’ man… but let’s be clear I’m not an Auditor!

3 – What changes in the industry can we expect to see in 2016?

We will be hearing more about cybersecurity with cyber-attacks becoming ever more frequent and increasingly damaging. In addition we will also see mobile commerce grow as the desktop loses its primary place.  I also believe the retention, interaction and long-term engagement of consumers will be an even smaller target to hit as we see the rise of the savvy consumer….and what’s going to gain real momentum in 2016 is the impending GDPR.

4 – What inspires you?

People with drive, determination, positive attitudes and to be honest my Dad – he never sits down and just keeps going.

5 – Who has been your business mentor?

There’s a few to mention, so I won’t pick just one… One of those mentors said ‘knowledge is power’ (yes it sounds corny….) but boy has it been true over the years.

6 – What attracted you to the REaD Group?

I’ve had a business relationship with the REaD Group for many years and have always been impressed with their skill to keep moving forward and create valuable data driven marketing services for its clients.

7 – What do you like to do in your spare time?

As most people have noticed in the Office – Road Cycling. I love the open road and if I had a time machine I’d go back and be part of the pro peloton!