We have found this c…
Remember all the panic when GDPR came into force in 2018? Here’s why it was actually a good thing.
When GDPR came into force in May last year, the UK broke out into a nervous sweat.
Small businesses freaked out that they didn’t have the consent they needed. People panicked that they’d soon find themselves facing millions of pounds’ worth of fines. Heck, entire lists got deleted.
But in reality, none of those things should have happened.
Because, really, GDPR is for the big dogs. The ones whose data breaches will actually cause some harm. And while there’s yet to be a single fine dolled out to anyone in the UK, when it does eventually happen it’s unlikely to be aimed at a small business.
What GDPR did for people like you and me is actually a really good thing.
It’s made direct mail even stronger as a marketing medium for one thing. It’s ensured that mailing data is more accurate and up to date than ever too.
For example, these days you shouldn’t have to worry about buying data from a professional data broker for a direct mail campaign. No longer should you find that the list you bought is three years out of date and contains huge numbers of duplicate subject info. (Which, as you can imagine, is extremely frustrating – if you’ve been there, you’ll know.)
Instead, GDPR ensures that the information you do buy belongs to people who actually want to be contacted by direct mail.
Because of the legislation, there’s finally a legal precedent for proper data management. And proper data management produces larger, more accurate results.
It helps you waste less time and money too. Because of GDPR, you can focus more on the specific demographics for a direct mail campaign that’ll really benefit your business.
And the good news is that all our procedures, policies and in-house systems at Flow adhere to GDPR rules.
The result? Effective, efficient data management, even on a large scale.
All the data that we’ll use on a client’s behalf will go through stringent checks to make sure it’s accurate and up to date. We’ll check your own in-house data for you too.
Because the thing is, we do actually care about the whole consent thing. Being in this line of work does that to you. And that’s why we’ve helped so many companies – from online retailers to solicitors – implement their own GDPR policies and procedures.
Often we’ll get involved in the nitty gritty and manage the entire data side of things on a client’s behalf. Whether it’s managing the physical returns, amending data according to individuals’ preferences, or whatever else needs doing, we’re kind of GDPR/data geeks here.
See, the legal side of it all is pretty complex (which is why it makes sense to hand it over to someone who knows what they’re doing). But here are the important bits to understand about running a mailing campaign safely and legally.
Let’s start by checking that you know that all campaigns have to be treated individually, right?
That means you need to go through every legal step for each campaign separately and record them to prove you’re legit. (Doing so will mean you have the required GDPR assessment records to boot.)
Now let’s get down to it.
One of the things that people got caught up in when GDPR came into force was the opt-out. See, you have to give any recipient the opportunity to opt out of any future mailing. And yeah, that does sound a bit scary.
But actually, the opt-out’s a really good thing. It stops you from wasting money, needlessly sending advertising to people who aren’t interested. It streamlines your data set. It creates happier customers.
Another thing that scared businesses was refreshing consent. But the thing is, what the regulation actually insists on is lawful basis for processing.
That means you can use someone’s data so long as you have a real reason for contacting them. And the ICO lists six acceptable reasons for the communication. Cool, huh?
There a several different steps to establishing your legal basis for processing, including the following checklist from the ICO website.
☐ We have reviewed the purposes of our processing activities, and selected the most appropriate lawful basis (or bases) for each activity.
☐ We have checked that the processing is necessary for the relevant purpose, and are satisfied that there is no other reasonable way to achieve that purpose.
☐ We have documented our decision on which lawful basis applies to help us demonstrate compliance.
☐ We have included information about both the purposes of the processing and the lawful basis for the processing in our privacy notice.
☐ Where we process special category data, we have also identified a condition for processing special category data, and have documented this.
☐ Where we process criminal offence data, we have also identified a condition for processing this data, and have documented this.
Obviously, there’s a bit more to the whole process than that.
So what are we really trying to say here? Here is it. GDPR is a bit of a minefield. But it’s one that you shouldn’t be scared of.
With help and advice from Flow, you’ll choose the best options for your campaigns and get things right from the start. There’s no point falling foul of the tricky parts of the rules or risking retraction when you just don’t have to.
And we should be grateful to GDPR really. Thanks to the regulation, direct mail is becoming an even stronger medium for marketing. With more streamlined data, your campaigns will show even greater returns. Let’s talk about your next campaign.